Custom Fields reporting in Audit

Idea created by Chad Brown on Aug 29, 2017
    Implemented
    Score20
    • Josh Mills
    • Todd Thomas
    • Chad Brown
    • Gustavo Trujillo

    We recently discovered the contents of Custom Fields does not report in the Audit. Additionally, if a CHANGE is in a state of "WAITING FOR APPROVAL" and a Custom Field is modified, it DOES NOT trigger re-approval.

     

    We consider this a serious issue in the Application. The CUSTOM FIELDS section of the application is what allows Enterprises to accommodate for the Multi-Tenant nature of the application. If an Enterprise decides they need these custom fields in the application, the data put into those fields should report back into the Audit.

     

    In regards to Changes, the application has two significant limitations we had to overcome to get value out of the module.

    1. There is a SINGLE Change module for our Entire Enterprise. So, it doesn't matter if the Change is in Test, Development, Pre-Prod, UAT, Disaster Recovery, or Production. It doesn't matter if the Change is for Human Resources, Facilities, Application Development, Systems Engineering, or Telecommunications. It doesn't matter if the Change is to DML, DDL, Server Rack, Enterprise Application, Development Environment, or Exchange. --- They must ALL use the same Change form. The only way to accommodate for this was putting in Mandatory Fields that classify the Environment, Risk, Impact, and Affected Systems.
    2. There is no way to tell the TIME the change is start and end from the Incident Index. The application ONLY reports back the Date. Requiring a Change Advisory Board to open every single change, just to see proposed time is ridiculous. SO, we had to create our own  CUSTOM FIELDS for planned start and planned end date/time. Now, at CAB, they can see from the main screen, the Change Plan, Description, Rollback, Environment, Affected Systems, Risk, Impact, and very importantly, the proposed TIME and DATE of the change.

     

    Now we discover if someone, after CAB approval, makes changes to any of our CUSTOM FIELDS, it looks as though the CAB approved those variables. There is NOTHING in the audit log to say otherwise.

     

    Or, if a Incident was originally set with certain custom fields, that drive other requirements, they can be modified after the fact, and again, there is NO RECORD that change was made.

    What problem will this feature solve?:
    This would resolve the need by organizations to engineer solutions around current lapses in the application, or to accommodate for the multi-tenant environment of the application. We can no longer use Samanage as a AUDIT source as a result of this discovery. meaning we now have to look for ways of doing this outside the application - reducing the value and need for the application in our Enterprise.