3107.0—3107.0
Control Description
The Supplier shall generate event logs for systems that support the operation of Functions and protection of Data. The following criteria apply:
i) Logs are archived for a minimum of 12 months
ii) Logs capture (as a minimum) date, time (from a single NTP source), user ID, device accessed and port used
iii) Logs capture key security event types (e.g. critical files accessed, user accounts generated, multiple failed login attempts, logging failures from devices, events related to systems that have an internet connection)
iv) Access to modify system logs is restricted
v) Logs and security event logs can be made available upon request
vi) Store audit records in a repository that is part of a physically different system
vii) The Supplier shall ensure that system logs are reviewed at least weekly to identify system failures, faults, or potential security incidents, and that corrective actions are taken to resolve or address issues within a reasonable timeframe
viii) Review, at least every 6 months, the event types selected for logging purposes to ensure these still meet business requirements
ix) Capture the operational status of the logging system and alert on any failures which impact the system's operational capacity.