TRAIN TRACK® includes an audit trail feature, available through both the client user interface and the web user interface. The standalone (desktop) edition does not include the audit trail feature. If you need the audit trail, you may upgrade to the client/server edition.

Each time a user adds, edits, or deletes a record, this information is saved to the audit trail. The audit trail includes the date of the change, the user making the change, the type of change, the record being changed, the old value, and the new value. Audit trail records include sequential ID numbers generated by the program which can't be modified, and a date and time stamp.

The audit trail also records adding, editing, or deleting users, and changes to user access levels. It records each time a user logs on or off, enters the wrong password, or changes their password. If a user enters the wrong password 3 times, an automatic email alert is sent to the administrator (see Automatic Email).

The audit trail filter allows users to filter audit trail records for viewing. Users may view a history of all changes to a record, all new records, all deleted records, and other combinations of records. Users can trace changes, and use the information to restore data that was accidentally changed or deleted. Users may also restore deleted employee records and deleted training records through the audit trail.

The process of saving changes to the audit trail runs at the database level, not the user interface. This allows all changes to the database to be captured, regardless of how the changes were made or which interface was used.

To view audit trail records, follow these steps:

1. Open the Report Menu, Audit Trail tab.

2. Click View Record Changes.

Data Included in the Audit Trail

The audit trail captures additions, edits and deletions to:

• Class Enrollments
• Employee Records
  • General Employee Information
  • Additional Job Titles
• Required Training
  • Exceptions
  • Parent/Child Module Requirements
  • Required Departments
  • Required Individuals
  • Required Job Titles
  • Series Requirements
• Users
  • User Accounts and Access Levels
  • Setting or Resetting Passwords
  • User Login and Logout
  • User Login Failure
• Training Completions
• Training Records

The audit trail DOES NOT record information about changes to records that are not directly related to training requirements:

• Classes
  • Approved Trainers
  • Scheduled Classes (unless employees are enrolled)
• Employees
  • Employee HR Information
  • Employee Notes
  • Employee Skills
• Lookup Lists
  • Class Location Lookup List
  • Department Lookup List
  • Employee Type Lookup List
  • Job Title Lookup List
  • Location Lookup List
  • Shift Lookup List
  • Training Type Lookup List
• Training
  • Exam Questions and Answers
  • Training Notes
  • Training Revisions (these are tracked within the program)

Validation and Compliance

In order to maintain the integrity of the audit trail, users cannot have access to the data tables outside the user interface. During an audit (or a self-audit), you will need to demonstrate that the people who have access to the database are not users of the application. You will also need to demonstrate that you are following the user name and password policies, and that each user has a separate Windows login name and password, and that users do not reveal their passwords to others.

For the employees logging on to take exams, each employee will need to set their password the first time they log in. All employees should be required to log in for the first time under the supervision of a manager who has already established the identity of each employee. This will ensure that the company has established the identity for each person being assigned an electronic signature.

Deleted Records

Deleted training records and employee recordsmay be restored by administrator users from the Report Menu, Audit Trail tab.For more information please see the training detail or employee detail page.

Email Notification of Failed Logins

You may configure your application to automatically send alert emails to a designated email address when a user enters the incorrect password 3 times in a row. For more information, see Automatic Email Notices.