Understanding Audit Logs

Audit logs provide a complete record of all significant actions taken within a loan application. This guide helps you understand and interpret these logs, with special focus on sensitive task access tracking.

What are Audit Logs?

Audit logs are automatic records created whenever important actions occur in the system. They help with:

• Compliance and regulatory requirements
• Security monitoring and investigations
• Understanding the history of a loan application
• Tracking who did what and when

Accessing Audit Logs

To view audit logs for a loan application:

1. Open the loan application
2. Navigate to the Overview tab
3. Scroll down to the Activity Timeline section
4. The audit logs appear in chronological order

Types of Audit Events

Task-Related Events

Task Assigned

What it means: A task was assigned to a client or team member.

• Who: Shows the agent who made the assignment
• What: The task name and who it was assigned to
• When: Date and time of assignment

Task Completed

What it means: A client or team member marked a task as complete.

• Who: The person who completed the task
• What: The task that was completed
• When: Completion timestamp

Task Sensitivity Changed

What it means: An agent changed whether a task contains sensitive data.

• Who: The agent who made the change
• What: Shows the change (e.g., "from Not Sensitive to Sensitive")
• Why: Security classification update

Viewed Sensitive Task Data

What it means: Someone accessed data in a task marked as sensitive.

• Who: The person who viewed the data
• What: Which sensitive task was accessed
• When: Exact time of access
• Why: Required for compliance tracking

Loan Application Events

Application Created

The initial creation of the loan application.

Application Updated

Changes to loan details like amount, purpose, or terms.

Status Changed

Movement through the loan process stages.

Documents Uploaded

When clients or agents add documents to the application.

Understanding Sensitive Task Access Logs

Sensitive task access logs require special attention as they track access to confidential information.

What You'll See

When someone views a sensitive task, the log entry shows:

Viewed Sensitive Task Data
Task: [Task Name]
Accessed by: [User Name]
Time: [Timestamp]

Why This Matters

1. Compliance: Many regulations require tracking who accesses sensitive data
2. Security: Helps identify unusual access patterns
3. Privacy: Ensures client data is only viewed when necessary
4. Accountability: Creates a clear record of data access

Best Practices for Sensitive Data Access

• Only view sensitive data when necessary for your work
• Always have a valid business reason for accessing sensitive tasks
• Be aware that all access is logged and may be reviewed
• Report any suspicious access patterns to your supervisor

Common Audit Log Scenarios

Scenario 1: Routine Task Assignment

10:30 AM - John Smith assigned task "Submit Salary Slips" to client
10:31 AM - Email notification sent to client
2:15 PM - Client completed task "Submit Salary Slips"
2:16 PM - John Smith notified of task completion

Scenario 2: Sensitive Task Review

11:00 AM - Mary Jones changed task "Medical Records" from Not Sensitive to Sensitive
11:45 AM - Mary Jones viewed sensitive task data "Medical Records"
11:46 AM - Audit log created for sensitive data access

Scenario 3: Internal Task Creation

9:00 AM - David Brown created internal task "Compliance Review"
9:01 AM - Task marked as not visible to client
9:02 AM - No client notification sent (internal task)

Filtering and Searching Audit Logs

For loan applications with many events, you can:

1. Filter by Event Type: Show only specific types of events
2. Filter by User: See actions by a specific person
3. Search by Keyword: Find events mentioning specific terms
4. Date Range: View events from a specific time period

Audit Log Retention

• Audit logs are retained permanently
• They cannot be edited or deleted
• This ensures compliance with regulatory requirements
• Historical logs remain accessible even after loan completion

Frequently Asked Questions

Why do some events show "System" as the user?

Automatic system processes (like scheduled tasks or automated workflows) show "System" as the user.

Can I export audit logs?

Yes, audit logs can be exported for compliance reporting or external audits. Contact your administrator for export options.

What triggers an audit log entry?

Significant actions like:

• Task assignments and completions
• Status changes
• Document uploads
• Viewing sensitive data
• Security setting changes
• User access changes

How quickly do audit logs appear?

Audit logs appear immediately after an action occurs. If you don't see an expected log entry, refresh the page.

Can audit logs be used in reports?

Yes, audit log data can be included in compliance reports, security audits, and performance reviews.

Red Flags to Watch For

Be alert for these patterns that might indicate security issues:

• Unusual access times (e.g., accessing sensitive data outside business hours)
• Repeated access to sensitive tasks without clear business need
• Access by users who shouldn't need the information
• Bulk viewing of sensitive tasks in a short time period

If you notice suspicious patterns, report them to your security team immediately.

Summary

Audit logs are a powerful tool for:

• Maintaining security and compliance
• Understanding loan application history
• Tracking sensitive data access
• Investigating issues or disputes

Regular review of audit logs helps ensure your bank maintains the highest standards of data security and regulatory compliance.