We are experiencing a certain issue that I am hoping someone within the community has faced and will have a better idea on how to mitigate. Being a state agency we are bound to remain federally compliant. One of the issues that we face is making sure that PHI and PII data does not get inserted into the Service Desk Manager ticketing system. Due to a variety of factors we occasionally get data within the system that would fail an audit and must be removed.
We can edit the ticket itself and remove the data. But that edit is captured within the activity log as an OLD/NEW value.
The discussed potential solution was to alter the options manager field for activity editing from WRITE PROTECTED to PUBLIC. To allow us to make edits within the activity logs. But we really only want to extend that level of editing to the system administrators while not allowing editing of the logs to the general analysts. The thought was that we could do this via a data constraint but CA was not aware of a way from which to do this.
This is a critical concern/need that we have to be able to do in order to be complaint. While we could make the edit directly to the SQL database. Alterations to our production environments require a CAB level event with a significant turn around time without even considering the long term data stability with making those kind of edits over time.
Any thoughts you have would be helpful!