The share owners (you) are responsible for reviewing auditing when required by university policies. SFS provides you with audit logs when required. You may request audit report using this link.

Policy defines tasks that must be performed on an ongoing basis in relation to storage of confidential/high-risk data. Review of the CIFS audit logs is only required if a security incident is suspected.

HIPAA data has several requirements which need to be met on a scheduled basis, such as file-system ACL and user audits. Additional information is in the HIPAA Administrative Simplification Regulation Text.

If you suspect high-risk data has been exposed contact the Cornell IT Security Office for assistance.