On 1/10/13 11:16 AM, Ed Leafe wrote: > On Jan 10, 2013, at 1:14 PM, Ken Dibble <[email protected]> wrote: > >>> There are ways to deal with this, such as hash the previous record >>> with the current record so that if a record is deleted, the hash won't >>> match. You won't recover the data, buy you'll know that a change was made. >> >> Okay. But does that comply with the standard? "Immutable" means "incapable >> of being changed", not "changes can be detected after they occur". > > This only proves that the records weren't changed. You need something > else to ensure that they can't be changed. > > Part of compliance is proving that your methods are working.
Do the hashed log entries, *plus* write the audit logs to write-once DVD. :) Paul _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/[email protected] ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
