ISG Playbook
APIs
This clinic outcomes page will be posted in a confluence space available to all Federal and contractor employees in the CCSQ Community
Original Story: As a QSEP Administrator, I want the system to capture in an audit log, information identifying that a new period of review was created so that in the event of a security audit I can show when the new period of review was created.
AC:
1. The system should capture an audit log entry after the review period has been created.
2. The audit log file should be readable by a text editor and/or MS Excel.
Given that a new review period has just been created,
When the automated QSEP process to create a new review period has successfully completed,
Then the system should capture an audit log entry that identifies that a new period of review was created, and the period start and end dates. The audit log file should be readable by a text editor and/or MS Excel.
Note:
- The system should perform this function automatically w/o any human intervention to initiate the process.
- There is no requirement to publish log file information and/or make it available to QSEP users. The intent is to capture and save a record of the event to satisfy CMS access and control requirements and/or to help identify when the review period was created for future reference.
Author: Fernanda Bierley
Notes:
This work is probably an enabler. It delivers system value but not direct user value. Use "Enabler:" in the story title and/or Labels. It is best backlog management practice to differentiate Enabler, Research (Spike), and User Story deliverables so you can track how much team capacity is allocated to each category for a given Program Increment.
- The business value statement is good!
- Excellent Given, When, Then statement
- Notes add value and context
- User story has mockup example of audit log file.
Revised Story:
As a QSEP Administrator, I want the system to capture in an audit log, information identifying that a new period of review was created so that in the event of a security audit I can show when the new period of review was created. (no changes)
AC:
Verify the system has captured an audit log entry after the review period has been created.
Verify the audit log file is readable by a text editor and/or MS Excel.
Verify the QSEP Admin can access the audit log file through the XYZ application.
Verify the audit log matches the data layout in the Audit File Layout.docx file.
Verify the audit logs are available for X years.