I am looking for the best solution to answer the following needs:
A new Swiss law will come into force in September 2023. It will oblige information systems to be able to report that a user has accessed the data. The objective is to set up a SIEM (Security Information and Event Management Solution).
Thus, a solution is needed that allows to:
Logging of at least the following personal data operations (Art. 3, para. 2):
The logbook must provide information on (Art. 3, para. 3)
the nature of the processing
the identity of the person who carried out the processing
the identity of the recipient
the time at which the processing took place
Also, logs must be kept for 1 year separately from the system in which the personal data are processed.
So I wanted to know if there is already an existing solution in Alfresco (on an Alfresco 4.2 Community version) or if it was necessary to develop a custom solution? And if a custom solution needs to be developed, what would be the best solution to meet the needs and limit the impact on the application's operation?
For information: The two laws are: New Federal Law on Data Protection (nLPD) and new Ordinance on the Federal Law on Data Protection (nOLPD)
PS: This is my first topic created here. I hope I'm not in the wrong forum but if I am, I'm sorry for that