Scribd Logo
Upload

Welcome to Scribd!

  • 291 views

    DRAFT Audit Logging and Monitoring Policy

    Uploaded by

    hugh
    This policy outlines the requirements for auditing, logging, and monitoring activities to ensure regulatory compliance and the confidentiality, integrity, and availability of information assets. The policy applies to all parties accessing the organization's information assets regardless of location. Key events that will be audited include system events, information changes, unauthorized access, system management activities, and information exchanges. Audit records will be retained for a minimum of seven years. The policy will be reviewed annually.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    DRAFT Audit Logging and Monitoring Policy

    Uploaded by

    hugh
    291 views3 pages
    This policy outlines the requirements for auditing, logging, and monitoring activities to ensure regulatory compliance and the confidentiality, integrity, and availability of information assets. The policy applies to all parties accessing the organization's information assets regardless of location. Key events that will be audited include system events, information changes, unauthorized access, system management activities, and information exchanges. Audit records will be retained for a minimum of seven years. The policy will be reviewed annually.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This policy outlines the requirements for auditing, logging, and monitoring activities to ensure regulatory compliance and the confidentiality, integrity, and availability of information assets. The policy applies to all parties accessing the organization's information assets regardless of location. Key events that will be audited include system events, information changes, unauthorized access, system management activities, and information exchanges. Audit records will be retained for a minimum of seven years. The policy will be reviewed annually.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    291 views3 pages

    DRAFT Audit Logging and Monitoring Policy

    Uploaded by

    hugh
    This policy outlines the requirements for auditing, logging, and monitoring activities to ensure regulatory compliance and the confidentiality, integrity, and availability of information assets. The policy applies to all parties accessing the organization's information assets regardless of location. Key events that will be audited include system events, information changes, unauthorized access, system management activities, and information exchanges. Audit records will be retained for a minimum of seven years. The policy will be reviewed annually.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    of 3

    Audit Logging and Monitoring Policy

    DATE: ……….
    Purpose
    To address the regulatory requirements for safeguarding the confidentiality, integrity, and
    availability of information assets through auditing, logging, and monitoring activities.
    To verify compliance with access controls and administrative and other safeguards
    developed and implemented to prevent/limit inappropriate access to data.
    To ensure that routine and random audits are utilized as oversight tools for recording and
    examining access to information (e.g., who accessed what data and when).

    Scope
    This policy applies to all parties who access or use our information assets, regardless of
    physical location.
    IT resources include all owned, licensed, leased, or managed hardware and software, and
    use of our network via a physical or wireless connection, regardless of the ownership of the
    computing device connected to the network.
    This policy applies to information technology administered centrally; personally-owned
    computing devices connected by wire or wireless to our network; and to off-site computing
    devices that connect remotely to our network.

    Policy
    Audit Policy:
    To ensure that appropriate safeguards are in place and effective, we shall audit, log, and
    monitor access and events to detect, report, and guard against:
     Network vulnerabilities and intrusions
     Performance problems and flaws in applications
     Audit Logging and Monitoring Policy 8-1-2017.docx
     Security violations
     Data loss
     Unauthorized access to confidential data, attorney-client privileged information,
    etc.
     Breaches in confidentiality and security of confidential data
     Degradation or loss of information integrity (e.g., improper alteration or destruction
    of confidential data)
    We are committed to conducting business in compliance with all applicable laws,
    regulations and our own policies.

    DATE: ……….
    The following events may be audited:
     Normal system events (e.g., startup, shutdown, login attempts, errors, security
    policy changes, software installations, etc.).
     Information changes (e.g., create, read, update, delete) including confidential data.
     Unauthorized access to confidential data for non-permitted purposes.
     System management activities including execution of privileged functions.
     Information exchanges containing confidential data.

    Audit Record Retention:


    Audit Records shall be retained and archived for a minimum of seven (7) years

    Review of this policy: this will be reviewed annually by the Director.


    Next review date: <DATE>

    DATE: ……….

    You might also like