Jim Scardelis, CISA, CISSP, PCI 3DS, PCIP, CIPP/US, CIPP/C, CIPP/E, CIPT, MCSE Senior Security Consultant, North America RMG PCI Services Payment Software Company (PSC), part of NCC Group email email@example.com | web www.paysw.com tel. +1.408.228.0961x140 | mobile +1.425.766.1897 | fax +1.408.340.5433
Any views or opinions contained in this communication are solely those of the author, and do not necessarily represent those of any organizations or entities the author may be associated with.
As I read, I assume that your HR system is probably hosted in third party DC or cloud system like ADP who provides access to reports, So if you need to audit then cloud audit approach to be used and good to know the DB server they use. In that case you may need to request few DB tables (employee tables) from department to do analytics manually. If not possible the best method in similar scenario will be to ask access to reporting server or use power BI or similar Business intelligence tools and connect to the database in-order to create reports you may need. Mostly access can be obtained based on SLA with the service provider, hope this helps to move forward.