Auditing security
Changing values in the auditing namespace of the Server
Configuration dialog sets the registry keys that configure
auditing. Auditing can therefore be turned on or off only by an
administrator who has write access to the registry on the HPOM
server.
In regulated environments (21 CFR Part 11), special security
requirements apply. These can be fulfilled using the standard
Windows EventLog security mechanisms described below:
- Users cannot change or delete audit log entries. Windows does not
allow a single event to be changed or deleted from an event log.
- Access to the event log file can be restricted in Windows so that
non-admin users cannot view the event log. Non-admin users also
cannot delete event log files using the Event Viewer.
- Non-admin users can be restricted in Windows so they are not
allowed to edit the registry; this means they cannot turn HPOM
auditing on or off.
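
A read-only check that the restrictions listed above are in place on an HPOM server, as an added PowerShell example that is not part of the HPOM documentation. The registry key path and event log name are placeholders because this page does not give them, and the list of trusted SIDs is an assumption to adjust to site policy.

```powershell
# Added example. Both defaults are placeholders: the page names neither the
# HPOM auditing registry key nor the event log that receives audit entries.
param(
    [string]$AuditKey = 'HKLM:\SOFTWARE\<hpom-auditing-key>',
    [string]$LogName  = '<hpom-audit-event-log>'
)

# Assumption: only these principals may administer auditing on this server.
$TrustedSids = 'S-1-5-18', 'S-1-5-32-544'   # SYSTEM, BUILTIN\Administrators

# Registry rights that allow changing or removing the auditing settings,
# plus GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
$RegWrite = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership' -bor 0x50000000

# Event log channel access rights: 0x1 = read, 0x2 = write, 0x4 = clear.
$LogReadOrClear = 0x5

function Get-RegistryWriters([string]$Path) {
    # Allow ACEs that give write-type rights on the key to untrusted SIDs.
    $acl = Get-Acl -Path $Path
    $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ([int]$_.RegistryRights -band $RegWrite) -and
            $TrustedSids -notcontains $_.IdentityReference.Value
        }
}

function Get-EventLogNonAdminAccess([string]$Name) {
    # Allow ACEs in the log's security descriptor that let untrusted SIDs
    # read (view) or clear (delete) the log.
    $sddl = (Get-WinEvent -ListLog $Name -ErrorAction Stop).SecurityDescriptor
    if (-not $sddl) { Write-Warning "No security descriptor set on '$Name'"; return }
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($sddl)
    $sd.DiscretionaryAcl |
        Where-Object {
            $_.AceQualifier -eq 'AccessAllowed' -and
            ($_.AccessMask -band $LogReadOrClear) -and
            $TrustedSids -notcontains $_.SecurityIdentifier.Value
        } |
        Select-Object @{n='Sid';      e={$_.SecurityIdentifier.Value}},
                      @{n='CanRead';  e={[bool]($_.AccessMask -band 0x1)}},
                      @{n='CanClear'; e={[bool]($_.AccessMask -band 0x4)}}
}

'Registry write access held by principals outside the trusted list:'
Get-RegistryWriters $AuditKey | Format-Table IdentityReference, RegistryRights, IsInherited
'Event log read/clear access held by principals outside the trusted list:'
Get-EventLogNonAdminAccess $LogName | Format-Table
```

Empty tables mean that no principal outside the trusted list can change the auditing settings, view the log, or clear it. Any row is an access control entry to review against the requirements above.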