Open jemrobinson opened 1 year ago
Active
implies more than just logging- have you already discussed the scope of what else is included?
I think "Active" was my term - I'll change it to something more neutral.
Logging may be a bit specific. Something more akin to traceability or actions being attributable. As this is a principle it should also include non-computing systems. So quality data related to processes. Who did, what when and by what authority for a process and what changed, when and why within a technical environment.
That wording is a mess but you get the idea.
How about "Audit logs of user actions"?
@manics , goes beyond human actions, right? Maybe observability? First stab below @harisood
Human initiated and automated processes resulting in change within the TRE should be observable. Rationale In order to understand what is happening within the TRE both automated and human initiated processes should generate sufficient data. These data allow operators to measure the effectiveness of processes and systems, improve and identify the causes of incidents. Data can also be made available to other parties such as auditors, data subjects and data providers as part of the assurance process. Implications
Potentially several things then- which do you think are in scope?
Would something like pending expiry of projects/users come into this section since it implies ongoing "monitoring" of user/project status, and you'd proactively alert them in case an extension is needed?
Yes, I think so. System/process observability is key to understanding whether your policies and controls are actually doing what is intended. You can write down "We remove access to data at the end of a contract" but unless you have data that proves you have actually done that, who is to say. That data could be a script and automated log or a calendar appointment and service desk ticket. The former obviously being preferable.
Sharing thoughts/updates from the Collab Cafe:
Human initiated and automated processes resulting in change within the TRE should be observable (in real time?)
System/process observability is key to understanding whether your policies and controls are actually doing what is intended.
It also allows operators to continuously improve their systems and processes, measure their effectiveness, and identify the causes of incidents. Data can also be made available to other parties such as auditors, data subjects and data providers as part of the assurance process.
This applies to both technical systems and policies/processes.
Summary
Propose a principle that SATRE supports monitoring of how a TRE is used
Source
Discussion with @machintim
Detail
Logging high-level information about actions taken inside a TRE (eg. deployment or change of infrastructure, movement of data, access granted or revoked to users) is important for supporting a TRE, especially if there are data incidents.
Intended Output
No response
Who can help
@machintim @JimMadge @manics