K
Katherine H
I am looking for ways to make ACCESS 2000 Part 11
compliant. Does anyone have any suggestions?
Thanks,
Katherine
compliant. Does anyone have any suggestions?
Thanks,
Katherine
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
T
TC
If you gave an explanation or link to what you mean by "part 11
compliant", maybe someone could help you.
HTH,
TC
compliant", maybe someone could help you.
HTH,
TC
K
Katherine H
Part 11 compliant refers to security of records.
Has two main parts: 1. making sure every record is tied to
an electronic signiture 2. audit trails - identifying
users, approvals and progressions that lead back to the
original data and capture actions at the date and time
they occur, independently of the operators.
Hope this cleared it up a little.
Thanks,
Katherine
Has two main parts: 1. making sure every record is tied to
an electronic signiture 2. audit trails - identifying
users, approvals and progressions that lead back to the
original data and capture actions at the date and time
they occur, independently of the operators.
Hope this cleared it up a little.
Thanks,
Katherine
T
TC
Katherine H said:Part 11 compliant refers to security of records.
Has two main parts:
1. making sure every record is tied to an electronic signiture
I'm no expert on "electronic signatures", but as I understand it, they
work something like this. They use public key cryptography. Each
individual has a private key known only to them, and there is a public
key known to everyone. An individual can "sign" a block of information
(say a database record) by feeding that information, plus the person's
private key, into a signing algorithym. The algorthym produces a set
of numbers which are known as the signature. The point is, that the
signature can be verified correct, by anyone, using tyhe well-known
public key. So, everyone can be certain that the signed information
was, in fact, created by the specified individual - and has not been
altered since.
I guess you could code-up something like this for when the user enters
a new record? They'd have to enter their private key so the
application could generate the relevant signature & store it with the
database record.
As I say, I'm no expert in this, but I feel it should be possible "in
pinciple".
2. audit trails - identifying
users, approvals and progressions that lead back to the
original data and capture actions at the date and time
they occur, independently of the operators.
You can do this using Access user-level security & approriate code
throughout your application.
However! Unfortunately, Access user-level security passwords can be
recovered from the workgroup file in which they are stored. This is
due to a simple "schoolboy howler" mistake in how MS has stored the
passwords. Thus, using a suitable cracking product, Tom could easily
log-on as Mary. Then Tom's actions (in the system) would be audited to
Mary, so requirement 2. would fail. However, since Tom presumeably
does not know Mark's private signing key, he would not be able to make
his records look like Mary's.
HTH,
TC
K
Katherine H
Thanks for you help, I will see what I can do with this.