You are right. One of the products that I was involved with had an “eAudit” feature baked into the application layer tracking every change and capturing user, changed value, affected attribute / column, an event type (insert, update, delete), and the datetime stamp of the event.
Sudhakar - your question is too broad. Looks like you want to hear of use cases and solutions based on Cassandra. > On Mar 29, 2018, at 1:04 PM, Jonathan Haddad <j...@jonhaddad.com> wrote: > > If you require a full audit trail then you'll need to do this in your data > model. I recommend looking to event sourcing, which is a way of tracking all > changes to an entity over its lifetime. > > https://martinfowler.com/eaaDev/EventSourcing.html > <https://urldefense.proofpoint.com/v2/url?u=https-3A__martinfowler.com_eaaDev_EventSourcing.html&d=DwMFaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=AJfDCyM3u5-XbEgygLPEjU2yutePmNCLC8Dp7T2lLug&m=G0XkFZ3Q60mxXZxoKdsrH-HPiu2CZsAP7RLXkfMcgss&s=8gg44--3P7ybfWSvgobr8TkeXvmxq7W2pmIKlvEQmmE&e=> > > Instead of thinking of data as global mutable state, think of it as a time > series where you save each change as a completely new object. Then you can > go back in time to any point to see how it got to be the way it is. > > On Thu, Mar 29, 2018 at 9:59 AM sam sriramadhesikan > <sam.sriramadhesi...@oracle.com <mailto:sam.sriramadhesi...@oracle.com>> > wrote: > Rahul, > > CFR 21 (part 11) is an FDA-mandated electronics records standard. For any > software solution built for the life sciences / pharma industries, compliance > with this standard is a must. There are three parts to this: > > (1) Controls and audit of user logins / forcing re-login when session times > out > (2) Tracking change history of key software records (for example, a work > order) > (3) Protecting the data from unauthorized access / establishing data was not > tampered with > > Most of the compliance is built into the business application layer in the > form of data validations, audit trails, and process workflows. > > Cassandra’s RBAC plus encryption at rest would satisfy (3). If there was a > granular audit trail capability, that would address (2). (1) is a business > application function, I think. > > Thanks, > > Sam > > >> On Mar 29, 2018, at 12:29 PM, Rahul Singh <rahul.xavier.si...@gmail.com >> <mailto:rahul.xavier.si...@gmail.com>> wrote: >> >> Is that an encryption related policy? If you can clarify — maybe able to get >> better answers. There are products like Vormetrics (?) which can encrypt >> data at rest. >> >> -- >> Rahul Singh >> rahul.si...@anant.us <mailto:rahul.si...@anant.us> >> >> Anant Corporation >> >> On Mar 29, 2018, 12:23 AM -0400, Sudhakar Ganesan <sudhakar.gane...@flex.com >> <mailto:sudhakar.gane...@flex.com>>, wrote: >>> Hi, >>> >>> >>> Did anyone used Cassandra in medical industry since FDA enforces CFR 21 >>> (part 11) compliance ? >>> >>> >>> Regards, >>> >>> Sudhakar >>> >>> Legal Disclaimer : >>> The information contained in this message may be privileged and >>> confidential. >>> It is intended to be read only by the individual or entity to whom it is >>> addressed >>> or by their designee. If the reader of this message is not the intended >>> recipient, >>> you are on notice that any distribution of this message, in any form, >>> is strictly prohibited. If you have received this message in error, >>> please immediately notify the sender and delete or destroy any copy of this >>> message! >
