We have a document management system which holds sensitive data. Currently the users on the system can view the documents within the framework of the software we provided. We do have an audit trail on document access, etc.
But this still leaves a hole in the security aspect, as the application custodian where the s/w is installed still has access to the folders where these documents are residing.
How do we ensure that the system admin can't access this folder and that access is permitted only via the software application?