The periodic audit of Synapse activity is intended to surface potential threat scenarios concerning the privacy and security of data held in the Synapse. The approach to this audit is informed by an assessment of risks to priority data, such as the data sets associated with Synapse projects marked with restricted access control lists. The risk assessment process considers access control at the point when access is granted, when access is used, and when access may become uncontrolled.
...
When | Who | What |
First two weeks of January and July | Synapse Security Engineer | Run Automation
Reference “Data Warehouse Queries, Documentation, and Handline” “Engineering Audit Resources” page for details |
Second two weeks of January and July | Synapse ACT | Sort Data & Triage Threats
Reference the “ACT Data Sorting and Triaging” “Audit Details for ACT” page for details |
Mid September | Synapse Security Engineer and Synapse ACT | Generate Audit report following this template
Reference the “Audit Report” page for details |
Late September | Director of Governance (Christine) | Review and Approve/Reject Audit Report
|
October | Synapse Security Engineer and Governance Regulatory Support Team | Security Engineer: Submit Audit Report to HITRUST Governance Regulatory Support Team: Submit Audit Report to WIRB during Synapse Continuing Review Reference the “Audit Report” page for details |