Free ebook: NIS2 ready using ISO 27001 best practices
Download ebook

Documentation of system logs for self-maintained data systems

Critical
High
Normal
Low

The development of system logs must keep pace with the development of the system and enable, for example, the necessary resolution of incidents. In connection with the data system list, we describe for which systems we are responsible for the implementation of the logging. For these systems, we document:

  • which data is saved on the log
  • how long log data is retained
Connected other frameworks and requirements:
12.4.1: Event logging
ISO 27001
12.4.2: Protection of log information
ISO 27001
I10: Turvallisuuteen liittyvien tapahtumien jäljitettävyys
PR.PT-1: Audit/log records
NIST CSF
CLD 12.4: Logging and monitoring
ISO 27017

Protecting log information

Critical
High
Normal
Low

The logs are protected from unauthorized changes to the data and from malfunctions, which are e.g.:

  • changes to the message types that can be saved
  • editing or deleting log information
  • exceeding log storage capacity, which can result in transactions being overwritten or not logged
Connected other frameworks and requirements:
12.4.2: Protection of log information
ISO 27001
8.15: Logging
ISO 27001
No items found.