If you require a full audit trail then you'll need to do this in your data model. I recommend looking to event sourcing, which is a way of tracking all changes to an entity over its lifetime.
https://martinfowler.com/eaaDev/EventSourcing.html Instead of thinking of data as global mutable state, think of it as a time series where you save each change as a completely new object. Then you can go back in time to any point to see how it got to be the way it is. On Thu, Mar 29, 2018 at 9:59 AM sam sriramadhesikan < sam.sriramadhesi...@oracle.com> wrote: > Rahul, > > CFR 21 (part 11) is an FDA-mandated electronics records standard. For any > software solution built for the life sciences / pharma industries, > compliance with this standard is a must. There are three parts to this: > > (1) Controls and audit of user logins / forcing re-login when session > times out > (2) Tracking change history of key software records (for example, a work > order) > (3) Protecting the data from unauthorized access / establishing data was > not tampered with > > Most of the compliance is built into the business application layer in the > form of data validations, audit trails, and process workflows. > > Cassandra’s RBAC plus encryption at rest would satisfy (3). If there was a > granular audit trail capability, that would address (2). (1) is a business > application function, I think. > > Thanks, > > Sam > > > On Mar 29, 2018, at 12:29 PM, Rahul Singh <rahul.xavier.si...@gmail.com> > wrote: > > Is that an encryption related policy? If you can clarify — maybe able to > get better answers. There are products like Vormetrics (?) which can > encrypt data at rest. > > -- > Rahul Singh > rahul.si...@anant.us > > Anant Corporation > > On Mar 29, 2018, 12:23 AM -0400, Sudhakar Ganesan < > sudhakar.gane...@flex.com>, wrote: > > Hi, > > > Did anyone used Cassandra in medical industry since FDA enforces CFR 21 > (part 11) compliance ? > > > Regards, > > Sudhakar > Legal Disclaimer : > The information contained in this message may be privileged and > confidential. > It is intended to be read only by the individual or entity to whom it is > addressed > or by their designee. If the reader of this message is not the intended > recipient, > you are on notice that any distribution of this message, in any form, > is strictly prohibited. If you have received this message in error, > please immediately notify the sender and delete or destroy any copy of > this message! > > >
