Content library
CyberFundamentals (Belgium)
PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy.

Requirement description

Logs shall be maintained, documented, and reviewed.
Guidance
- Ensure the activity logging functionality of protection / detection hardware or software (e.g. firewalls,
anti-virus) is enabled.
- Logs should be backed up and saved for a predefined period.
- The logs should be reviewed for any unusual or unwanted trends, such as a large use of social media
websites or an unusual number of viruses consistently found on a particular computer. These trends
may indicate a more serious problem or signal the need for stronger protections in a particular area.

The organization shall ensure that the log records include an authoritative time source or internal clock time stamp that are compared and synchronized to an authoritative time source.
Guidance
Authoritative time sources include for example, an internal Network Time Protocol (NTP) server, radio
clock, atomic clock, GPS time source.

The organization shall ensure that audit processing failures on the organization's systems
generate alerts and trigger defined responses.
Guidance
The use of System Logging Protocol (Syslog) servers can be considered.

The organization shall enable authorized individuals to extend audit capabilities when
required by events.

How to fill the requirement

CyberFundamentals (Belgium)

PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy.

Task name
Priority
Status
Theme
Policy
Other requirements
Executing and documenting internal audits
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Cyber security management
33
requirements

Examples of other requirements this task affects

Članak 30.1.f: Politike i postupke za procjenu djelotvornosti mjera upravljanja kibernetičkim sigurnosnim rizicima
NIS2 Croatia
Članak 35: Provedba samoprocjene kibernetičke sigurnosti
NIS2 Croatia
9.1 §: Toimien vaikuttavuuden arviointi
Kyberturvallisuuslaki
1.5.1: Assessment of policies and requirements
TISAX
39: Conformité et audits
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Executing and documenting internal audits
1. Task description

The organization conducts internal audits in accordance with its internal audit procedure. The aim is to check:

  • whether the information security management system complies with the organisation's cyber security requirements
  • whether the information security management system complies with other operational security requirements or standards complied with
  • whether the information security management system is implemented effectively

Documented information on the execution and results of audits must be kept.

Documentation of system logs for self-maintained data systems
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Security systems and logging
30
requirements

Examples of other requirements this task affects

Članak 30.1.b (logs): Postupanje s incidentima, uključujući njihovo praćenje, evidentiranje i prijavljivanje
NIS2 Croatia
9.9a §: Poikkeamien havainnointi
Kyberturvallisuuslaki
5.2.4: Log management and analysis
TISAX
30 § 3.2° (détection et journaux): La gestion des incidents
NIS2 Belgium
PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Documentation of system logs for self-maintained data systems
1. Task description

The development of system logs must keep pace with the development of the system and enable, for example, the necessary resolution of incidents. In connection with the data system list, we describe for which systems we are responsible for the implementation of the logging. For these systems, we document:

  • which data is saved on the log
  • how long log data is retained
Collection of log data on the use of data systems
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Security systems and logging
10
requirements

Examples of other requirements this task affects

17 §: Lokitietojen kerääminen
TiHL
HAL-07.1: Seuranta ja valvonta - tietojen käyttö ja luovutukset
Julkri
TEK-12: Turvallisuuteen liittyvien tapahtumien jäljitettävyys
Julkri
TEK-12.1: Turvallisuuteen liittyvien tapahtumien jäljitettävyys - tietojen luovutukset
Julkri
49: Tietojärjestelmien lokitietojen keräys
Digiturvan kokonaiskuvapalvelu
See all related requirements and other information from tasks own page.
Go to >
Collection of log data on the use of data systems
1. Task description

The Authority must ensure that the necessary logs are kept of the use of its information systems and of the disclosure of information from them, if the use of the information system requires identification or other log-in. The purpose of log data is to monitor the use and disclosure of data contained in information systems and to detect technical errors in the information system.

In Cyberday, the owner of the information system may be responsible for controlling the collection of log data from the information system. The organisation documents the content of the logs in more detail for those information systems for which it is responsible for technical maintenance. For other information systems, the owner, in cooperation with the system vendor, checks that the necessary logs are collected.

Internal audit procedure -report publishing and maintenance
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Cyber security management
17
requirements

Examples of other requirements this task affects

ID.GV-3: Legal and regulatory requirements
NIST
14.6.: Vadovybės atsakomybė
NIS2 Lithuania
7.5: Requirements for documented information
ISO 27001
9.2: Internal audit
ISO 27001
CC1.5: Accountability for responsibilities
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Internal audit procedure -report publishing and maintenance
1. Task description

The organization has established a procedure for conducting internal audits. The procedure shall describe at least:

  • how often audits are carried out
  • who may carry out the audits (including audit criteria)
  • how the actual audit is carried out
  • how audit results are documented and to whom the results are reported
  • results should be reported to a competent authority if it's law regulated
Deployment and regular analysis of security system logs
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Security systems and logging
26
requirements

Examples of other requirements this task affects

9.1.2: Access to networks and network services
ISO 27001
12.4.1: Event logging
ISO 27001
PR.PT-1: Audit/log records
NIST
RS.AN-1: Notifications from detection systems
NIST
8.15: Logging
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Deployment and regular analysis of security system logs
1. Task description

Security systems (e.g. firewall, malware protection) often have the ability to record a log of events. At regular intervals, make sure that a comprehensive log is accumulated and try to identify suspicious activity. The log is also useful in investigating disturbances or violations.

Data system log review
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Security systems and logging
33
requirements

Examples of other requirements this task affects

Članak 30.1.b (logs): Postupanje s incidentima, uključujući njihovo praćenje, evidentiranje i prijavljivanje
NIS2 Croatia
9.9a §: Poikkeamien havainnointi
Kyberturvallisuuslaki
5.2.4: Log management and analysis
TISAX
30 § 3.2° (détection et journaux): La gestion des incidents
NIS2 Belgium
4.2.1: Review log data and collect relevant data on the incident to create a good basis for making decisions
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Data system log review
1. Task description

The organization must be aware of the logs that accrue from the use of different data systems, whether generating the logs is the responsibility of the organization or the system provider. Logs record user actions as well as anomalies, errors, and security incidents.

The adequacy of log should be reviewed regularly. If necessary, log should be usable to determine the root causes for system incidents.

Clock synchronization
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Security systems and logging
7
requirements

Examples of other requirements this task affects

12.4.4: Clock synchronisation
ISO 27001
8.17: Clock synchronization
ISO 27001
PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy.
CyberFundamentals
2.3.9: Synchronize time across devices and use trusted time sources
NSM ICT-SP
3.2.6: Prevent manipulation of monitoring-data
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Clock synchronization
1. Task description

Synchronizing clocks between different systems allows for good interoperability, as well as easier tracking of problem situations and perception of event flows.

An organization must use a reliable source to adjust and synchronize time, at least for systems that are critical to its operations. When suitable organization should use two sources.

Monitoring the use of the network and information systems to identify anomalies
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Security systems and logging
18
requirements

Examples of other requirements this task affects

8.16: Monitoring activities
ISO 27001
6.11: Alusta- ja verkkopalvelujen tietoturvallinen käyttö tietosuojan ja varautumisen kannalta
Tietoturvasuunnitelma
I-11: MONITASOINEN SUOJAAMINEN – POIKKEAMIEN HAVAINNOINTIKYKY JA TOIPUMINEN
Katakri 2020
5.2.3: Malware protection
TISAX
DE.CM-1: The network is monitored to detect potential cybersecurity events.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Monitoring the use of the network and information systems to identify anomalies
1. Task description

Organization's data systems and network must be monitored to detect abnormal use. When anomalities are detected, the organization must take the necessary measures to assess the possibility of security incident.

The monitoring should utilize tools that enable real-time or regular monitoring, taking into account the organization's requirements. Monitoring practices should be able to manage large amounts of data, adapt to changing threat environment, and send alerts immediately when necessary.

Inclusion of the following sources in the monitoring system should be considered:

  • outbound and inbound network and data system traffic

    li>

  • access to critical data systems, servers, network devices and the monitoring system itself
  • critical system and network configuration files
  • logs from security tools (e.g. antivirus, IDS, IPS, network filters, firewalls)

Organization must also establish procedures for identifying and correcting "false positive" results, including tuning monitoring software for more accurate anomaly detection.

Tasks included in the policy

Task name
Priority
Status
Theme
Policy
Other requirements
No items found.

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.