mstanton1
commented
5 days ago @sal-hamood our STRA identified unauthorized access to private information as a risk. We already have user level auditing for end users and staff logon, but are missing a way to monitor operational access (via DB). Since this would add value across products it seems like something that SRE or SBC Connect would be best to pick up. Do you have a thought on where this fits? I will reach out to the appropriate team.
BC Registries has user level auditing which would enable us to review access to BTR if an information incident arose. A similar level of auditing is required to monitor operational staff accessing the database.
This operational monitoring would add value across applications so should be raised to SRE or SBC Connect to have a team commit to the work.
Note: Melissa to update STRA RISK0012140 when this operational monitoring is in place.