Part 11 areas of interest for an operation system

  • Are the records protected against intentional or accidental modification or deletion?
  • Is an electronic audit trail completely outside the control and access of the system administrator (except for the read only access of the audit trail file)?
  • Is it impossible to disable the audit trail function without being detected?
  • Is the system date and/or metadata protected from accidental and/or intentional modification or deletion?
  • Is the distribution of, access to, and use of the operating system and maintenance documentation controlled?