Context

Tool mentors explain how a tool can perform tasks, which are part of ITUP processes and activities. The tasks are listed as Related Elements in the Relationships section.

You can see the details of how processes and activities are supported by this tool mentor, by clicking the links next to the icons:

•   Security Management
  •   Monitor, Assess, Audit and Report Security

Details

The IBM® Tivoli® Privacy Manager server uses information that is supplied by application monitors to create and store audit trail records in a database. Application monitors are the integration components of Tivoli Privacy Manager that allow a privacy policy to be enforced and audited against in an application.

These audit records are used in conjunction with settings from the Tivoli Privacy Manager console to generate various types of reports including reports on specific histories of submission and access activity on sensitive information.

Records in the Tivoli Privacy Manager audit trails contain much more information than a typical security audit trail:

1. Time stamp for when the use/disclosure occurred.
2. Identity that received or used the information.
3. Identity of "data subject" (for example, who the data was about).
4. Names or other identifiers of the information that was accessed.
   For example, suppose the application used a pager number to send an alert to an administrator. This action constitutes a usage of personal information. The privacy audit trail should contain the name of the personal information that was used "pager number" but NOT the value of the pager "555-1212".
5. Task that the application was performing that required the personal information. For example, "sent alert".
6. Policy-defined data categories. Also known as "PII Types". These are the classifications for the resources according to the governing policy. For example, the HIPAA rule defines a category of PII called "protected health information" So a hospital system that might contain "X-Rays" would record "X-Ray" as the name of personal information that was accessed, and would enter "protected health information" as the PII type. This association between the names of the protected resources and the policy defined PII types is important because the association determines the rules and conditions that govern the legitimate use of the data.
7. Policy-defined business purposes. These purposes are normally defined by policy makers and are technology and system independent. For example, the HIPAA rule defines a business purpose called "treatment and diagnosis." An X-Ray storage facility might have a function called "display X-Ray." In its audit trail, the "display X-Ray" would be listed as the application task that was performed, and the Policy-defined business purpose would be defined as "treatment and diagnosis". By putting both of these purposes in the audit trail entry, the actual activities in the monitored system can be related to allowed business purposes.
8. Policy-defined recipients of the information. This record represents, in policy terms, the groups or roles of people that are allowed to use the personal information for the allowed business purposes. For example, the HIPAA rule states that only doctors can access protected health information for the purposes of treatment and diagnosis. If an insurance payer accesses protected health information for an application task that is considered to be treatment and diagnosis, it's against the rule. The identity that received or used the information is usually expressed in terms of an authenticated credential. So the policy-defined recipients field indicates that the authenticated credential has been associated with a particular policy-defined group.

Report criteria are specified to produce and save report definitions for the various reports. Then report definitions are used to generate reports on demand, according to the needs and requirements of the organization.

The following types of reports can be generated in Tivoli Privacy Manager (not a complete list of all possible reports):

• Privacy Policy Report: Contains detailed information about a privacy policy, including all defined groups, purposes, and PII Types.
• PII Type Report: Contains application storage location to PII-type mappings. A PII Type report can be created for a privacy policy, or monitor, or by privacy policy state.
• Global Access Report: Contains all submission and access records that are generated by one or more selected applications. The report can be tailored to include only access attempts that did not conform to the policy criteria.

Further information on the Tivoli Privacy Manager audit and reporting capability can be found in the Planning and User's Guide found at http://publib.boulder.ibm.com/tividd/td/PrivacyManagerfore-business1.2.html

For More Information

For more information about this tool, click on the link for this tool at the top of this page.