A record or set of records providing evidence of activities which impact (or may impact) a system, entity or process.

In an information security context, the term is used to mean a record of system activities that enables the examination of security events.

The term is not commonly used in legislation, but a carefully preserved system of documentation is often a requirement to demonstrate compliance in practice. The trail of filed information should allow an external auditor (for example, a supervisory authority) to retrace the steps taken to protect personal data. For example, in the event of a breach of personal data, a trail of documents showing prompt remedial action and timely data breach notification of affected data subjects can be a mitigating factor when a regulator assesses a data controller’s responsibility for the lapse.

See also: ACCOUNTABILITY
