Hi guys! First post for me.

I need to build a DCAA compliant timekeeping system, which includes logging timestamps and ip addresses for time posts in an audit log, as well as previous values for records that are edited any day after their original post date. All of this I have previous experience with and this is within my capabilities.

I will be building this with back-end MySQL, and front-end interfaces mixing PHP, HTML, CSS and maybe JavaScript/AJAX once running reliably (Client-side code gives me a headache). As an admin, I can edit records on the fly directly through the back-end tables if necessary.

If anybody out there has dealt with Defense Contract Audit Agency (DCAA), what I need to know is this: Does my ability to change records on the back-end in rare circumstances disqualify this design as DCAA-compliant? If so, does anyone have any suggestions for how I can conditionally lock myself out of this functionality to prove that records can only be edited by a employee/supervisor through the web interface?

Thanks so much for your assistance!