Skip to main content

datasynth_core/models/
it_controls.rs

1//! IT control models for ITGC (IT General Controls) testing.
2//!
3//! These models support audit procedures related to IT access management
4//! and change management, key areas assessed under ISA 315 and SOX 404.
5
6use chrono::NaiveDateTime;
7use serde::{Deserialize, Serialize};
8use uuid::Uuid;
9
10/// IT access log entry for ITGC testing.
11///
12/// Captures user authentication and authorization events across IT systems.
13/// Auditors review access logs to assess logical access controls (ISA 315,
14/// SOX 404 ITGC) including segregation of duties and privileged access.
15#[derive(Debug, Clone, Serialize, Deserialize)]
16pub struct AccessLog {
17    /// Unique identifier for this log entry
18    pub log_id: Uuid,
19    /// Timestamp of the access event
20    pub timestamp: NaiveDateTime,
21    /// Employee identifier (references master data)
22    pub user_id: String,
23    /// Display name of the user
24    pub user_name: String,
25    /// IT system accessed (e.g. "SAP-FI", "Active Directory", "Oracle-HR")
26    pub system: String,
27    /// Action performed: "login", "logout", "failed_login", "privilege_change", "data_export"
28    pub action: String,
29    /// Whether the action succeeded
30    pub success: bool,
31    /// Source IP address (internal network 10.x.x.x)
32    pub ip_address: String,
33    /// Session duration in minutes (populated for logout events)
34    pub session_duration_minutes: Option<u32>,
35}
36
37/// Change management record for ITGC testing.
38///
39/// Documents changes to IT systems including configuration changes, code
40/// deployments, patches, and emergency fixes. Auditors assess change
41/// management controls for proper authorization, testing, and rollback
42/// planning (ISA 315, SOX 404 ITGC).
43#[derive(Debug, Clone, Serialize, Deserialize)]
44pub struct ChangeManagementRecord {
45    /// Unique identifier for this change record
46    pub change_id: Uuid,
47    /// IT system affected
48    pub system: String,
49    /// Type: "config_change", "code_deployment", "access_change", "patch", "emergency_fix"
50    pub change_type: String,
51    /// Description of the change
52    pub description: String,
53    /// Employee who requested the change
54    pub requested_by: String,
55    /// Employee who approved (None = unapproved, an ITGC finding)
56    pub approved_by: Option<String>,
57    /// Employee who implemented the change
58    pub implemented_by: String,
59    /// Date the change was requested
60    pub request_date: NaiveDateTime,
61    /// Date the change was implemented
62    pub implementation_date: NaiveDateTime,
63    /// Whether the change was tested before deployment
64    pub tested: bool,
65    /// Reference to test evidence documentation
66    pub test_evidence: Option<String>,
67    /// Whether a rollback plan was documented
68    pub rollback_plan: bool,
69}