Hi guys! First post for me.
I need to build a DCAA compliant timekeeping system, which includes logging timestamps and ip addresses for time posts in an audit log, as well as previous values for records that are edited any day after their original post date. All of this I have previous experience with and this is within my capabilities.
If anybody out there has dealt with Defense Contract Audit Agency (DCAA), what I need to know is this: Does my ability to change records on the back-end in rare circumstances disqualify this design as DCAA-compliant? If so, does anyone have any suggestions for how I can conditionally lock myself out of this functionality to prove that records can only be edited by a employee/supervisor through the web interface?
Thanks so much for your assistance!