Memory cues
| Control | Cue |
|---|---|
| A.8.14 Redundancy of Information Processing Facilities | Redundancy must meet availability requirements |
| A.8.15 Logging | Produce, store, protect, and analyse useful logs |
Likely exam traps
- A.8.14 does not require full redundancy for every system.
- Backup is not the same as redundancy.
- Cloud resilience still needs design and testing evidence.
- A.8.15 is not only log collection.
- Logs must be protected against tampering and deletion.
- SIEM presence is weak evidence without coverage, rules, review, and escalation.
Quick comparison
| Question | A.8.14 | A.8.15 |
|---|---|---|
| Main concern | Availability through sufficient redundancy | Detection, investigation, accountability, and fault analysis |
| Evidence | Availability requirements, architecture, failover tests, recovery records | Logging standard, log sources, sample logs, retention, protection, alert reviews |
| Common failure | Untested failover or missing dependencies | Logs collected but not reviewed or protected |
| Audit method | Compare redundancy test results to availability targets | Sample logs and follow alerts to triage/action |
Practical mentor takeaway
Exam lens
A.8.14 asks whether critical processing can survive failures at the required level. A.8.15 asks whether system events become reliable evidence and actionable monitoring.
- Iso27001
- Exam
- Technological controls
- Redundancy
- Logging
Note Metadata
Aliases: A.8.14 A.8.15 exam cues
Source: 09-Exam-Preparation/EXAM-033-Redundancy-and-Logging.md