Free ebook: NIS2 ready using ISO 27001 best practices
Download ebook

Documentation of system logs for self-maintained data systems

Critical
High
Normal
Low

The development of system logs must keep pace with the development of the system and enable, for example, the necessary resolution of incidents. In connection with the data system list, we describe for which systems we are responsible for the implementation of the logging. For these systems, we document:

  • which data is saved on the log
  • how long log data is retained
Connected other frameworks and requirements:
I10: Turvallisuuteen liittyvien tapahtumien jäljitettävyys
12.4.1: Event logging
ISO 27001
12.4.2: Protection of log information
ISO 27001
CLD 12.4: Logging and monitoring
ISO 27017
CLD 12.4.5: Monitoring of Cloud Services
ISO 27017

Monitoring of cloud-based data systems

Critical
High
Normal
Low

When utilizing cloud-based data systems, the organisation should request information from the service provider to find out monitoring capabilities of each system.

When offering cloud services as a service provider, the organisation should provide monitoring capabilities and related documentation proactively to the customer. This includes e.g. capability to monitor if the service is being used as a platform or a vector to attack others or capability to monitor for data leaks in the service.

Connected other frameworks and requirements:
CLD 12.4: Logging and monitoring
ISO 27017
CLD 12.4.5: Monitoring of Cloud Services
ISO 27017
No items found.