084 – Allow transaction history queries

Summary

The system must allow authorized users to inspect their own transaction history.

Description

Systems usually collect personal and transactional data from their users. Users should have control of their own data and, as such, should be allowed to query and inspect whatever information the system has collected from them, including their transactional records.

Supported In

Advanced: True

References

• GDPR-R7. The framework is based on control and certainty
• HIPAA-164_308_a_1_ii_D. Information system activity review (required)
• FCRA-604-E_5. Notification system
• NYDFS-500_6. Audit trail
• PADSS-6_1. The wireless technology must be implemented securely
• CMMC-AC_L1-3_1_2. Transaction & function control
• HITRUST-09_y. On-line transactions
• HITRUST-13_f. Principle access

Last updated

2023/09/18