cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Best Practices - Enforcing the review of Firefighter Logs/Reports

Former Member

on ‎07-20-2009 5:37 PM

0 Kudos

Hi,

I am looking for some best practices as it pertains to the review of Firefighter Usage Logs. How are companies these days reviewing, documenting, and enforcing that system generated FF logs/reports are indeed being reviewed and monitored? Anything you can share is greatly appreciated.

I have seached the GRC forum, Firefighter Post, and reviewed the recently released "Super User Access" article, but have only found information on the tool's functionality and technical specs.

Regards,

Edited by: jmsreyes on Jul 20, 2009 6:38 PM

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎07-20-2009 6:21 PM
0 Kudos

Hi,

There is no standard or best practices in enforcing the review of FF logs and reports. Every client/company plan their own strategy around this.

One of my client used to ask every controller to print out and file the printed paper with their signature on it. They were required to keep this for a year or so. Another client asked them to print it to pdf and save it to a secure location which will mean they have reviewed this log. If there is any issue, it will be the responsibility of the particular FF controller.

Regards,

Alpesh

Show replies
Show replies
Former Member
‎07-20-2009 9:17 PM
0 Kudos

Hi,

I agree with Alpesh, every client strategy may be different based on their audit reasons.

We use Access enforcer to provision firefighter access and FF logs reviewed by AE approvers. For audit reasons, we print and prepare binder with all FF logs along with managers sign-off that is on monthly basis.

Hope this helps.

-Laks

Ask a Question