Texas A&M University – Electronic Protected Health Information Audit Log Requirements
3.3 3.3.3 Audit and Accountability
https://it.tamu.edu/policy/it-policy/laws-regulations/pdfs/AuditLogRequirementsControl.pdf
This policy provides an example of events surrounding confidential or restricted information that are typically logged. While this example is for health information, the log requirements would apply to other restricted information as well. The policy includes a description of log reviews.
University of California Berkley Information Security Office – Security Audit Logging Guideline
3.3 3.3.1 3.3.3 Audit and Accountability
https://security.berkeley.edu/security-audit-logging-guideline
This guideline describes the risk of inadequate logging, defines events to be logged and establishes a case for using an automated tool for log review.
