Summary of audit logging requirements (Archived)
Audit logging
Ensure local audit logs are maintained for Subject Access Requests as per the table below, it is recommended that audit logs are held for a minimum of 3 months to assist with incident triage.
All mandatory fields must be adhered.
| Field Name | Field Type | Mandatory | Example | Comments |
|---|---|---|---|---|
| Unique Identifier | bigint | Y | 1686289 | |
| Event Type | character | Y | GET/POST/PUT/DELETE | |
| Audit Type | character | Y | API Establish Session, API Professional login attempt, API Retrieve Reference Data, API Retrieve Request List, API Retrieve Request Summary, API Retrieve Clinical Information, API Retrieve Clinical Attachment, API Close Session |
|
| Resource Type | character | N | Worklist, Referral Request, Appointment Request, Clinical Attachment |
|
| Event Date & Time | timestamp without time zone | Y | 2018-04-25 15:57:05.745 | Format: yyyy-MM-dd HH:mm:ss.SSS All dates must be stored in UTC |
| UUID | character | Y | 123456789012 | 12 digit Unique User Identifier of the smartcard |
| OBO UUID | character | Y | 123456789014 | On Behalf Of UUID |
| UBRN | character | Y | 000049614844 | Unique Booking Reference Number |
| NHS Number | character | Y | 9462640300 | |
| Session ID | character | Y | pro-xapi-session_38dbf5e1-c145-475f-bdbc-f71bbb167e38 | |
| Org Name | character | Y | Leeds Teaching Hospital | Organisation Name |
| User Business Function | character | Y | SERVICE_PROVIDER_CLINICIAN | B0247, B0001 |
| ASID | character | Y | 200000000200 | Acrredited System Identifier |
| FQDN | character | Y | api.test.ncrs.nhs.uk | Fully Qualified Domain Name |
| Attachment ID | character | N | 26928 | |
| Attachment Type | character | N | .JPEG, .DOC | |
| File Name | character | N | TEXT.TXT, JPEG.JPG |
