Security Information and Event Management Logging | HIPAA

  • ammondragon
    Asked on March 18, 2020 at 9:21 AM

    Is audit and logging information (for the HIPAA form solution) exportable to a SIEM platform that we specify?  If not, does Jotform export to their own internal SIEM platform?


  • Carlos_C
    Replied on March 18, 2020 at 10:24 AM

    Hello,

    Thank you for contacting us.

    Right now we don't offer integration with a SIEM platform. An alternative solution for that is to download your data; you can follow the steps here:


    1. You can download the submission data to Excel or CSV data file format.


    You can do it on the View submission page of your form.



    Here is the user guide: How-to-Download-Form-Submissions-as-Excel-CSV-PDF.


    2. To download all the data at once, you can do it from your My Account data page via the Download my data button: https://www.jotform.com/myaccount/data.


    Here is a guide: https://www.jotform.com/help/374-How-to-Export-All-of-Your-Data-at-Once

    You may check our Help guide to understand the architecture.

    https://www.jotform.com/help/506-JotForm-HIPAA-Compliance.

    https://www.jotform.com/hipaa/


    If you need any further assistance, please let us know. We will be happy to help.

  • ammondragon
    Replied on March 18, 2020 at 12:32 PM

    Thank you for your response. To further clarify, this is regarding audit and logging information and not form submission. Given that Jotform does not integrate with a SIEM, is Jotform capable of doing so internally via their own SIEM? If so, would this be an enterprise feature?

  • BJoanna
    Replied on March 18, 2020 at 1:34 PM

    We are recording the account activity logs, which can be found on the History page. 

    How to View Your Account Activity Logs

    They cannot be downloaded. You can only print them with the browser's print option.

    For HIPAA accounts additional logs are also recorded, but they are not shown on the account.

    JotForm HIPAA Compliance

    Monitoring - All network requests, successful and unsuccessful, are logged, along with all system logs. API PHI requests (GET, POST, PUT, DELETE) log the requestor, location, and data changed/viewed. Additionally, alerts are proactively sent based on suspicious activity. OSSEC is used for IDS and file integrity monitoring.

    With JotForm Enterprise, additional logs are also recorded. They are encrypted and we can send them upon request.