Audit and Read Logs

Audit and read logs allow customers to see actions taken on their data.

In addition to tracking selected object create, update, and delete transactions, B2C Service offers optional auditing of Incident Thread and Contact reads. Incident Thread read logging is enabled by default for HIPAA instances. For HIPAA customers, this feature is configured at provisioning. When properly enabled, this feature builds upon the standard audit functionality by adding an audit log entry whenever an Incident Thread is viewed and who viewed it.

Note: You can only account for all disclosures of PHI through the Incident Thread object. PHI data captured in other areas of the product do not have read transactions logged. Oracle recommends that PHI only be stored in the Incident Thread.

For non-HIPAA customers, read logging is disabled by default. To enable the read-logging capability (the READ_LOGGING_ENABLED configuration setting for Incident Threads and/or the CONTACT_READ_LOGGING_ENABLED configuration setting for Contacts), an authorized customer representative must submit a service request on our support site. After these settings are enabled, any reads of incidents and/or contacts are logged by B2C Service.

Note: Only incidents and/or contacts are logged. Reads of other objects are not.

When using the Read Logging feature, you are responsible for making read transactions visible in the Agent Console audit log. To make them visible:

1. Open the Workspace Designer.

2. Open the desired incident or contact workspace.

3. Set Show Read Transactions to On.

Note: This setting is visible in the Workspace Designer only when READ_LOGGING_ENABLED and/or CONTACT_READ_LOGGING_ENABLED are enabled.

Use care when debugging Custom Process Management processes. When testing custom developed scripts, sensitive data may inadvertently be captured in the logs. For customers concerned with developers viewing sensitive data, Oracle recommends using test data and properly vetting the data that appears in logs.