cancel
Showing results for 
Search instead for 
Did you mean: 

Disable Logs - Sensitive Data

BenRPA
Level 4
Hi all, I am working for a client who wants to disable logs for certain values (Private employee information such as Social Security Number(SSN)). I need to use that SSN for the 3 steps following the moment I get it, but I do not need it afterwards. The client is not allowed to keep any log about the SSN. If I disable the "Stage Logging" for the 3 steps using SSN, does that mean that I will not have any log/information about SSN within the Blue Prism database? Any additionnal steps needed? Thanks for the help! Ben
1 BEST ANSWER

Helpful Answers

BastiaanBezemer
Level 5
Hi Ben, If an Object uses the SSN and the SSN is passed on to it, also be sure to disable logging on the Start and End stages. If the data is stored in the Queue, either discuss  with the client if Queue encryption is sufficient, or rework the queue so it is not contained. Kind regards, Bastiaan

View answer in original post

3 REPLIES 3

BastiaanBezemer
Level 5
Hi Ben, If an Object uses the SSN and the SSN is passed on to it, also be sure to disable logging on the Start and End stages. If the data is stored in the Queue, either discuss  with the client if Queue encryption is sufficient, or rework the queue so it is not contained. Kind regards, Bastiaan

BenRPA
Level 4
Queue Encryption might not be enough. Thanks Bastiaan for your input, I really appreciate it! I have disabled stage logging as discussed. Kind regards, Ben

david.l.morris
Level 15
HI Ben, You seem like you may have this solved, but there are three things that come to mind in addition to what you and Bastiaan discussed. (1) Disabling stage logging will work unless someone overrides the logging level from the System Tab > Resources > Management area. If you right click on a Resource, you'll see that there are logging level overrides there. Just something to consider. This might just mean you should restrict access to that part of the System to only people who understand how to use that section. (2) In addition to disabling stage logging, you should tick the checkbox in action stages where it says ""Don't log parameters on this stage"". (3) You could also treat the SSN as a password datatype. It will work just fine for data entry where necessary, but if it does happen to get logged anywhere such as session logs, etc., it will not show the actual SSN. (actually a 4th thing comes to mind now that you could encrypt the SSN when you first retrieve it and then decrypt it before you write it anywhere. But that might be overkill. Haha) Anyway, just some input. Hope it helps! Respectfully, Dave

Dave Morris, 3Ci at Southern Company