The 10 Most Common Compliance Reports

I will admit it; I’m a sucker for top 10 lists. So if you’re a marketer or blogger you now know you can keep these lists coming because I will definitely click the link to see whatever it is you have to say. I don’t know what it is about them but I’m drawn to them like a golf ball is to water. Sure, the golfer knows the water is there but they always think that this time the outcome will be different. And for the most part I know what items will make whatever the top 10 list is touting but I’m still drawn to them to see if something new or unexpected made the short list. This time of year is especially flush with these sorts of lists and I’m finding the temptation too great to resist them. For instance, here are some that have grabbed my attention thus far: ‘Top 10 Technology Breakthroughs for 2012’, ‘Top 10 Android Apps You Can’t Live Without’, ‘Top 10 Golf Courses to Play When the Ground is Frozen’ (well, this one hasn’t been written yet but it might be good fodder for my next post).


Since I’ve been at Quest I’ve worked on quite a few projects that mapped our reporting solutions to numerous compliance regulations, guidelines and frameworks and I’ve noticed a pattern across most of them. There was enough of a pattern for me to put together my own top 10 list – the ten most common compliance reports. These reports can be found in our compliance report packs in the Knowledge Portal; PCI-DSS, SOX, HIPAA, ISO, COBIT and COSO:

  1. User account logins – failed & successful
  2. User account management – create, delete, modify
  3. Inactive user accounts
  4. Group management – create, delete, modify
  5. Group membership management – users added & removed
  6. Permission changes – file/folder, ownership, database, mailbox, …
  7. Configuration changes – schema, DHCP, DNS, server configurations, network adapter, …
  8. User activity tracking
  9. Administrator activity tracking
  10. Audit policy changes