AUDIT CONTROL AND REVIEW PLAN

DMH System Owners/Managers must:

- Ensure the Audit Control and Review Plan identifies the components of the information system environment that will record audit trails and be used in the internal audit process. These components may include network perimeter devices (e.g., firewalls, network intrusion detection/prevention systems, routers, switches, and Virtual Private Network gateways), servers (e.g., web, application, file, print, and database), workstations, and applications.
- Define the events to be audited for each information system component identified above (e.g., logins, file access, and data modification).
- Determine the scope of information to be recorded, both for information at rest (storage) and for information in transit (transmission).
- Enable the auditing mechanism on each information system component identified above.
- Determine workforce member roles and responsibilities for operating the auditing mechanism and reviewing audit reports. Monitoring and review of audit trails and internal audit reports must be assigned to a person who is not responsible for system operations.
- Determine the frequency and content of audit reporting.
- Report potential security incidents or unusual events to the DMH DISO or designee.

MANAGING THE SECURITY OF AUDIT TRAILS

The Departmental Information Security Officer (DISO) or designee must:

- Maintain reasonable safeguards to ensure the confidentiality, availability, and integrity of audit trails and internal audit reports and to prevent unauthorized access. These safeguards must include, but are not limited to, the following:
  - Using password protection for audit logs and internal audit reports, including the use of file integrity checkers.
  - Backing up audit logs regularly, storing them securely, and limiting access to authorized personnel only. The audit trail and internal audit report backup process must be consistent with the data backup procedures in DMH Policy 550.03.
  - Limiting the number of workforce members assigned and granted access to audit trails and internal audit reports for monitoring and reviewing.
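The safeguards above call for file integrity checking and restricted access to audit logs, and the earlier section requires that the reviewer be someone other than the system operator. The following is an added example, not part of the DMH policy and not a DMH tool, of how a minimal file integrity checker for audit logs can be built: each log file is hashed with SHA-256, the hash manifest is authenticated with an HMAC key that only the reviewer holds, and the log file's permissions are restricted to its owner. The audit records, file paths, and key are constructed for the example; in practice the key would come from a secrets store controlled by the reviewer, and the manifest would be written to a separate, backed-up location so that tampering with either the log or the manifest is detected.

```python
"""Added example: integrity checking for audit logs (not DMH policy text or DMH code)."""
import hashlib
import hmac
import json
import os
import tempfile

# Constructed sample audit records in the shape of the events the plan names
# (logins, file access, data modification). Not real DMH data.
SAMPLE_AUDIT_LINES = [
    "2024-01-15T08:02:11Z event=login user=jdoe src=10.0.0.12 result=success",
    "2024-01-15T08:05:47Z event=file_access user=jdoe path=/data/records/r1.txt action=read",
    "2024-01-15T08:09:03Z event=data_modify user=jdoe path=/data/records/r1.txt action=update",
]


def sha256_file(path):
    """Hash a file in chunks so large logs do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(paths, key):
    """Record a digest per log file and sign the set with an HMAC.

    The HMAC key is held by the reviewer, not the system operator, so an
    operator who edits a log cannot simply regenerate a matching manifest.
    """
    entries = {p: sha256_file(p) for p in paths}
    body = json.dumps(entries, sort_keys=True).encode()
    return {"entries": entries, "hmac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_manifest(manifest, key):
    """Return (manifest_authentic, {path: 'ok' | 'modified' | 'missing'}).

    If the manifest itself fails authentication nothing else is trusted and
    an empty status map is returned.
    """
    body = json.dumps(manifest["entries"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["hmac"]):
        return False, {}
    status = {}
    for path, digest in manifest["entries"].items():
        if not os.path.exists(path):
            status[path] = "missing"
        elif sha256_file(path) != digest:
            status[path] = "modified"
        else:
            status[path] = "ok"
    return True, status


def restrict_access(path):
    """Limit the log to its owner (read/write) and return the resulting mode string."""
    os.chmod(path, 0o600)
    return oct(os.stat(path).st_mode & 0o777)


def demo():
    """Write a constructed log, build its manifest, then show what each tampering
    scenario looks like to the checker. Returns a dict of outcomes."""
    key = b"hypothetical-reviewer-key-store-in-a-vault"  # constructed, not a real secret
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "audit.log")
        with open(log, "w") as f:
            f.write("\n".join(SAMPLE_AUDIT_LINES) + "\n")
        mode = restrict_access(log)
        manifest = build_manifest([log], key)
        ok_before, status_before = verify_manifest(manifest, key)

        # Scenario 1: the data_modify record is stripped from the log.
        with open(log, "w") as f:
            f.write("\n".join(SAMPLE_AUDIT_LINES[:2]) + "\n")
        ok_after, status_after = verify_manifest(manifest, key)

        # Scenario 2: someone without the key rewrites the manifest to match the edited log.
        forged = {"entries": {log: sha256_file(log)}, "hmac": manifest["hmac"]}
        ok_forged, _ = verify_manifest(forged, key)

    # Scenario 3: the log file itself is gone (the temp directory was removed).
    ok_missing, status_missing = verify_manifest(manifest, key)

    return {
        "mode": mode,
        "clean": (ok_before, list(status_before.values())),
        "edited_log": (ok_after, list(status_after.values())),
        "forged_manifest_rejected": not ok_forged,
        "missing_log": (ok_missing, list(status_missing.values())),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Running `demo()` shows the three failure modes a reviewer needs to distinguish: an edited log (authentic manifest, file reported as modified), a forged manifest (rejected outright because the HMAC does not verify), and a missing log (authentic manifest, file reported as missing). The `os.chmod` call only enforces permissions on POSIX systems; on Windows the equivalent control is an ACL on the log directory.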