datasynth_core/models/
it_controls.rs

1//! IT control models for ITGC (IT General Controls) testing.
2//!
3//! These models support audit procedures related to IT access management
4//! and change management, key areas assessed under ISA 315 and SOX 404.
5
6use chrono::NaiveDateTime;
7use serde::{Deserialize, Serialize};
8use uuid::Uuid;
9
/// IT access log entry for ITGC testing.
///
/// Captures user authentication and authorization events across IT systems.
/// Auditors review access logs to assess logical access controls (ISA 315,
/// SOX 404 ITGC) including segregation of duties and privileged access.
///
/// This is a plain data carrier with public fields. No validation is visible
/// in this definition, so consistency between fields (for example `action`
/// versus `success`) has to be checked by the code that builds or reads a
/// record, including records obtained through `Deserialize`.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct AccessLog {
    /// Unique identifier for this log entry
    pub log_id: Uuid,
    /// Timestamp of the access event
    // `NaiveDateTime` carries no time zone or UTC offset, and the zone these
    // values are expressed in is not stated here.
    // NOTE(review): confirm the zone before ordering or correlating entries
    // that come from different systems.
    #[serde(with = "crate::serde_timestamp::naive")]
    pub timestamp: NaiveDateTime,
    /// Employee identifier (references master data)
    // Free-form string: the reference to master data is a convention, the
    // type does not guarantee that the identifier exists there.
    pub user_id: String,
    /// Display name of the user
    // A display name is not an identity; attribute events by `user_id`.
    pub user_name: String,
    /// IT system accessed (e.g. "SAP-FI", "Active Directory", "Oracle-HR")
    pub system: String,
    /// Action performed: "login", "logout", "failed_login", "privilege_change", "data_export"
    // The listed values are documentation only; any string is accepted.
    // Consumers should treat an unrecognised action as reviewable rather
    // than silently ignore it.
    pub action: String,
    /// Whether the action succeeded
    // Independent of `action`: a "failed_login" with `success == true` is
    // representable, so analytics should not rely on one field alone.
    pub success: bool,
    /// Source IP address (internal network 10.x.x.x)
    // Kept as text and not parsed here; the 10.x.x.x range is the documented
    // expectation, not something the type enforces.
    pub ip_address: String,
    /// Session duration in minutes (populated for logout events)
    // `None` is the expected value for every action other than a logout.
    pub session_duration_minutes: Option<u32>,
}
37
/// Change management record for ITGC testing.
///
/// Documents changes to IT systems including configuration changes, code
/// deployments, patches, and emergency fixes. Auditors assess change
/// management controls for proper authorization, testing, and rollback
/// planning (ISA 315, SOX 404 ITGC).
///
/// The struct records what happened and enforces none of the controls it
/// describes: no validation is visible in this definition, so a record with
/// a self-approved change, missing test evidence or an implementation date
/// earlier than the request date is representable and has to be detected by
/// the consumer.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ChangeManagementRecord {
    /// Unique identifier for this change record
    pub change_id: Uuid,
    /// IT system affected
    pub system: String,
    /// Type: "config_change", "code_deployment", "access_change", "patch", "emergency_fix"
    // The listed values are documentation only; any string is accepted.
    pub change_type: String,
    /// Description of the change
    pub description: String,
    /// Employee who requested the change
    pub requested_by: String,
    /// Employee who approved (None = unapproved, an ITGC finding)
    // `Some("")` is distinct from `None`; a check for missing approval should
    // also reject an empty approver. Segregation of duties is not enforced by
    // the type: the approver may equal `requested_by` or `implemented_by`, so
    // a test of that control has to compare the three fields.
    pub approved_by: Option<String>,
    /// Employee who implemented the change
    pub implemented_by: String,
    /// Date the change was requested
    // `NaiveDateTime` carries no time zone or UTC offset.
    #[serde(with = "crate::serde_timestamp::naive")]
    pub request_date: NaiveDateTime,
    /// Date the change was implemented
    // Nothing here orders this after `request_date`; an implementation that
    // predates its request is representable.
    #[serde(with = "crate::serde_timestamp::naive")]
    pub implementation_date: NaiveDateTime,
    /// Whether the change was tested before deployment
    // Independent of `test_evidence`: `tested == true` with no evidence
    // reference is representable and is worth flagging in review.
    pub tested: bool,
    /// Reference to test evidence documentation
    // An opaque reference string; its format is not defined in this file.
    pub test_evidence: Option<String>,
    /// Whether a rollback plan was documented
    pub rollback_plan: bool,
}