Para 3.22.75 — MSO (Audit)
Original Rule Text
3.22.75 The audit trail should include the following information:
(i) System information including start up time, stop time, restarts, recovery etc.
(ii) Transaction information in respect of database applications, including input items which change the database, control totals and rejected items.
(iii) Communication information, including terminal log-on/off, password use, security violations, network changes and transmission statistics, which would be of relevance to transaction processing or TP applications.
What This Means
The audit trail should capture three categories of information: system information (startup time, shutdown time, restarts, recovery events), transaction information for database applications (input items that change the database, control totals, and rejected items), and communication information (terminal log-on/log-off times, password usage, security violations, network changes, and transmission statistics relevant to transaction processing).
This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.
Key Points
- System information: startup, shutdown, restarts, and recovery events must be logged
- Transaction information: database changes, control totals, and rejected items must be recorded
- Communication information: terminal sessions, password use, and security violations must be tracked
- Network changes and transmission statistics relevant to transaction processing must be captured
- All three categories together provide a comprehensive audit trail
Practical Example
A government financial application maintains a comprehensive audit trail with three log types. The system log records that the server started at 08:00, restarted at 14:30 due to a memory error, and shut down at 20:00. The transaction log shows that 450 vouchers were entered during the day, 12 were rejected for invalid account codes, and the control total was Rs. 2.3 crore. The communication log records that user 'clerk_101' logged in from Terminal-7 at 09:15, attempted three incorrect passwords before the account was locked at 10:00 (security violation), and that network configuration was changed at 16:00. Together, these logs give auditors a complete picture of the day's operations.
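A reviewer can run the same three-category check mechanically over a day's events. The sketch below is an added illustration, not part of the rule or the official text; the event type names, the record layout and the amounts are assumptions constructed for the example. It lists rule items for which no event was seen (so the auditor can confirm whether none occurred or logging is missing) and reconciles the recorded control total against the accepted inputs.

```python
from collections import defaultdict

# Items named in para 3.22.75, grouped by category (type names are assumed labels).
REQUIRED = {
    "system": {"startup", "shutdown", "restart", "recovery"},
    "transaction": {"db_change", "control_total", "rejected_item"},
    "communication": {"logon", "logoff", "password_use", "security_violation",
                      "network_change", "transmission_stats"},
}

# Constructed sample events: (time, category, event type, detail).
EVENTS = [
    ("08:00", "system", "startup", {}),
    ("09:15", "communication", "logon", {"user": "clerk_101", "terminal": "Terminal-7"}),
    ("09:40", "transaction", "db_change", {"voucher": "V001", "amount": 1500}),
    ("09:41", "transaction", "db_change", {"voucher": "V002", "amount": 2500}),
    ("09:42", "transaction", "rejected_item", {"voucher": "V003", "reason": "invalid account code"}),
    ("10:00", "communication", "security_violation", {"user": "clerk_101", "reason": "account locked"}),
    ("14:30", "system", "restart", {"reason": "memory error"}),
    ("16:00", "communication", "network_change", {}),
    ("19:55", "transaction", "control_total", {"amount": 4000}),
    ("20:00", "system", "shutdown", {}),
]

def review(events):
    """Return rule items never seen, unclassified events, and control-total status."""
    seen = defaultdict(set)
    accepted_sum, recorded_total, unclassified = 0, None, []
    for when, category, etype, detail in events:
        if etype not in REQUIRED.get(category, ()):
            unclassified.append((when, category, etype))  # outside the rule's three lists
            continue
        seen[category].add(etype)
        if etype == "db_change":          # accepted input that changed the database
            accepted_sum += detail["amount"]
        elif etype == "control_total":    # total recorded by the application
            recorded_total = detail["amount"]
    not_seen = {c: sorted(items - seen[c]) for c, items in REQUIRED.items()}
    return {
        "not_seen": not_seen,
        "unclassified": unclassified,
        "control_total_ok": recorded_total is not None and recorded_total == accepted_sum,
    }

if __name__ == "__main__":
    print(review(EVENTS))
```

A mismatch in `control_total_ok` means the database was changed by an input that the control total does not account for, or the reverse.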
Frequently Asked Questions
Why should system startup and restart events be logged?
What security violations should the communication log capture?