User Log Purging Overview

OIPA supports the Data Retention and Purging, where you can configure automatic data purge and delete the data from the application. Once the logs are purged, they cannot be retrieved as the logs are deleted permanently from OIPA. OIPA identifies the user logs based on the Tenure and Type that includes,

  • Change Logs
  • Access Logs
  • Web Services Logs

Accessing User logs Purging

Only the users with roles AC_Admin, AC_Audit, and AC_Purge can access the User Log Purging. Click User Log Purging tile, the log summary details are displayed under the Log Purge tab.

Alerts

The banner area displays the alerts pertaining to the purge log schedules when,

  • the user logs purge schedule is expired, for example, “User Purge Schedule is about to end on <MM/DD/YYYY>, please set a new schedule.”
  • the regulatory compliance is not met, for example, "User logs purge schedule has expired on <MM/DD/YYYY>. Please set a new schedule to meet Regulatory Compliance."
  • the system identifies if there are any active or pending schedules set for purging
  • there is no purge schedule set for the first time
  • the user logs schedule has failed task - for example, "There are failed tasks on User Logs Purging job, please review and process manually"

Purge Log Summary

The User Log Purge table captures and displays the active purge schedules along with the historical purge schedules with the following details.

  • Schedule Number: unique identifier set by the system for the purge historical or active event.
  • Schedule Type: type of purge such as Immediate, Scheduled or Adhoc.
  • Status: Purge status such as,
    • Pending: schedule that is set but not yet processed (schedule is ready to be triggered on a future date).
    • Active: schedule in progress, and when at least one sub-task is triggered and processing has started. The schedule remains in Active state until the end date
    • Completed schedule that is processed (schedule has reached the end date)
    • Error: incomplete processing of schedule or sub-task that has failed due to any kind of exception
    • Shadowed: scheduled that is canceled or edited and is removed from the scheduler screen by the user
    • In Progress: schedule that is initiated and the purge process is in-progress, the system will not allow user to edit or view details by expanding the screen until the status is changed
  • Frequency: type of frequency such as Daily, Weekly, Monthly, Quarterly, Biannual, Annual, and One Time Event.
  • Schedule Date: the Start Date of the respective schedule.
  • Record Count: the total user log records that has been purged, and not the actual number of user logs picked-up through search criteria. As the purging schedule continues until the end date, the record count will increment with the count of logs purged during each purge event. The record count is displayed only for 'Active' and 'Completed' status, and not for other purge status.

  • Action Menu: this column includes the options that allows you to Edit, Delete and ReRun the purge schedules based on its status. When you want to edit or delete a schedule or task, it displays a warning message "You are ending a set purge schedule, do you still want proceed?". If you click OK, it allows to edit or delete the purge.

    • Edit: this icon appears if the purge schedules are in active status and has completed at least one task.

    • Delete: this icon appears only when the purge schedule is in pending status and has not executed even one sub-task.

    • Rerun: this icon appears if the task or sub-task run fails with an Error status and you can run this as Immediate purge process.

    • Refresh: will refresh the filter selection to default view.

View the Purge Details

In the User Log Purge table, click Row Expander Icon (row expander button), the following purge details are displayed under the Details tab,

  • Processed by: <User Name> who set the schedule
  • Start Date: schedule Start Date
  • Last Purge Date: date when the purge was executed last
  • Frequency: schedule frequency such as Daily, Weekly, Quarterly, Monthly, Biannual, Annual, One Time Event,
  • Tenure: tenure of the schedule
  • Condition: schedule is “Including” or “Excluding” weekends or holidays (Non-working days)
  • Recur Every : week days (Monday to Sunday) when this schedule will recur if the frequency is chosen as Weekly. For example, Mon, Tue, Wed, Thu, Fri, Sat, Sun

  • Note: related user notes or schedule related notes (if available) that is entered by the user

Graphical view

If you click Task summary tab, the following purge details are displayed in the graphical representation:

  • Current Task Status: status of the tasks such as Pending, Processing, Completed, Error
  • Number of Tasks Completed: the tasks completed till date
  • Total Number of Tasks: the total number of tasks that are due for the schedule
  • Next Task Date: the next task schedule date
  • Doughnut Graph: the graph appears only for completed schedules and sub-tasks. It represents the number of task completed versus the total tasks scheduled. The gray area represents the tasks pending for completion, and the blue area represents the total tasks completed.

Add Schedule

  • The + Add Schedule allows you to add new schedules for user log purging based on your business requirement. You can set the following types of purging:
    • Immediate Purge
    • Scheduled Purge
    • Adhoc Purge

    The below diagram depicts a high level view on user log purging

     

    User Log Purging Flow Diagram

     

    The below diagram depicts Adhoc purge schedule process

    Adhoc purge schedule Flow Chart

    GDPR Logs Purging

    General Data Protection Regulation (GDPR) is a privacy regulation adopted by the European Union(EU), to strengthen and standardize data protection. It has comprehensive privacy and security requirements. To be in compliance with GDPR, OIPA follows the regulation that allows its users to view and purge their user logs data in the Admin Console.

    The Personal Data Classification includes,

    • Personal Identifiers (PI): Any information that the application has captured and can directly or indirectly identify the Data Subject (any EU Citizen whose Personal Information (PI) or data is being processed). For example the PI information may include the details such as Name, Home Address, Banking Details, Medical Records/Information, Photo, Email Address, Log files with User information, Computer IP Addresses and so on.
    • Sensitive Personal Identifiers (SPI): It is a subset of Personal Identifiers (PI) for which GDPR requires organizations to apply additional and more stringent security and other Controls or safeguards. For example, the information may consist of SPI information is Ethnicity, Gender, Income Range, and so on.