If you operate in a regulated industry like the aerospace, defense, nuclear energy, or medical devices, you are no stranger to audit control requirements for your business systems. Government regulations require closed loop systems and traceability regarding which user took which action at what time. Those of you who fly regularly or spend any amount of time at the hospital are thankful that these system controls eliminate a certain number of errors from critical products.
If you’re not in one of these industries though, you may not have thought about the value of audit control to your engineering data management processes. Two examples highlight this concept.
The first application for audit control is with controlled drawing stations, which companies use on the shop floor to ensure that manufacturing personnel work to exactly the right version of a drawing (or document). The business process dictates that only controlled copies can be used to manufacture product, and that Document Control knows exactly what version of a drawing resides in each controlled drawing station. Document Control is responsible for maintaining these stations and replacing drawings when new versions are issued through ECx processes.
What if anyone could print out of the PDM system, and the system recorded exactly what was printed, and by whom? Then any time a change process was completed that affected a specific drawing revision, all users who had printed that version of the drawing could be notified. To close the loop further, users could let the PDM system know that they had destroyed a particular drawing, preventing them from being notified in the future about changes to that document.
The second application for audit control is with intellectual property management. Some industries are highly competitive and industrial espionage takes place frequently. Not the cloak-and-dagger kind of spying, but rather the kind where thumb drives walk out the door with hundreds of megabytes of sensitive data on them. For companies operating in this type of environment, the choice is often to lock down data management systems so tightly as to constrain the creative process and limit innovation.
A new alternative is to leave the system relatively open, but to log whom looks at which objects in the system. This may seem Big Brother-like but can protect users as well as the company. For instance, if a hacker gains access to the network, cracks the engineering manager’s password, and steals some important data, it might seem obvious to everyone that the engineering manager was the only one with access and is, therefore, responsible.
With auditing in place, PDM system administrators would be able to clear the engineering manager by examining the dates and times that his account accessed the data in question (since his Windows account was logged off and he wasn’t even in the building at the time the PDM was hacked). Furthermore, with timestamps in hand, IT security staff may be able to tie the data loss to a specific network breach to help track down the hacker by knowing what they took. In this case, audit control is just providing an extra layer of assurance that you know what is happening with your data at all times.
These applications for auditing are great, but are usually reserved for the big players with thousands of users, right? No, in fact, simple audit controls can be put in place on most PDM systems, not just SolidWorks Enterprise PDM and ENOVIA SmarTeam. As long as the PDM system has an event-driven API, it’s a matter of determining what system activities need to be logged and configuring some scripts/programs to do just that. In the case of ENOVIA SmarTeam, there is even a Regulatory Compliance module that gets you 90% of the way there out-of-the-box.