Skip to content

Access and Data Monitoring

LMU/COICP Example

Access and Data Monitoring Example

Monitor LMU/COICP approved reviewer accounts, reviewer activity, synthetic incident dataset controls, prohibited data boundaries, access concerns, and data-governance findings.

ES-113 Access and Data LMU Boundary Monitoring

Example purpose

This artifact records access and data monitoring during ES-113.

Access and data monitoring verifies that the LMU internal engineering review environment continued to use only approved reviewers and synthetic sample incident data.

Project

LMU Campus Operations and Incident Coordination Platform

Document control

Field Value
Artifact owner LMU IT Security Reviewer
Primary reviewers Product owner, product engineer, Compliance reviewer, AI reviewer
Status Accepted with access-control matrix concern carried forward
Last updated 2026-07-06
Related Engineering Stage ES-113 — Monitoring and Operations
Project workspace target docs/project-workspace/monitoring/access_and_data_monitoring.md

Reviewer access monitoring

Group Approved Accounts Active Accounts Result Notes
Campus Operations 5 5 Pass Approved reviewers only
Facilities Coordination 3 3 Pass Approved reviewers only
Residence Life 3 2 Pass One approved reviewer inactive
Campus Safety Liaison 2 2 Pass Approved reviewers only
Information Technology 4 3 Pass Approved reviewers only
Compliance Office 2 1 Pass Approved reviewer only
Architecture Review Board 4 2 Pass Approved reviewers only
AI Review 1 1 Pass Approved reviewer only
External / unapproved users 0 0 Pass No external users

Data monitoring

Dataset / Data Type Records Approved? Result Notes
Spring Semester Synthetic Incident Dataset 421 Yes Pass Loaded dataset remained unchanged
Synthetic review incidents created during monitoring 246 Yes Pass Created by approved reviewers
Real campus incident data 0 No Pass None observed
Medical or clinical data 0 No Pass None observed
Law enforcement records 0 No Pass None observed
Sensitive personal data 0 No Pass None observed
Production data 0 No Pass None observed

Access monitoring observations

  • No non-approved LMU account accessed the environment.
  • No operational users outside the review group were added.
  • No student, faculty, or public user access existed.
  • Approved reviewers used review accounts tied to their LMU review role.
  • DEF-002 remains open because full access-control matrix testing is incomplete; this monitoring record only confirms reviewer-environment access boundaries.

Data monitoring observations

  • The Spring Semester Synthetic Incident Dataset remained the only preloaded dataset.
  • Reviewers created 246 additional synthetic records during exercises.
  • Compliance reviewer found no real incident details.
  • Two synthetic incidents used realistic campus building names, but no real event details or individuals.
  • Data controls are sufficient for internal review only.

Access/data decision

Access and data boundaries held for the internal engineering review environment.

This does not approve operational pilot because DEF-002 remains open and real-data retention remains unresolved.

Continue to Guardrail Monitoring

Monitor COICP evidence, access, emergency-boundary, AI-disabled, and workflow guardrails.

Open Guardrail Monitoring →