When to use this
Use this standard to define loggable events, minimum log fields, retention, protection, review, and escalation requirements.
Related controls
- A.8.15 Logging
- A.5.25 Assessment and Decision on Information Security Events
- A.5.26 Response to Information Security Incidents
Logging requirements
| Event/source type | Minimum fields | Retention | Protection | Review frequency | Escalation trigger |
|---|---|---|---|---|---|
| Privileged activity | User/event/time/source/action | TBD | Central/protected | TBD | TBD |
| Failed access attempts | User/source/time/result | TBD | TBD | TBD | TBD |
| Configuration changes | User/change/time/system | TBD | TBD | TBD | TBD |
| Faults/exceptions | System/fault/time/impact | TBD | TBD | TBD | TBD |
Minimum checks
- Loggable events are risk-based.
- Minimum log fields are defined.
- Retention is defined.
- Logs are protected from tampering.
- Review responsibility is assigned.
- Alert escalation is defined.
- Template
- Iso27001
- Technological controls
- Logging
- Monitoring
Note Metadata
Aliases: Logging Standard
Source: 90 Templates/Logging and Monitoring Standard.md
Related Notes
- ISO 27001 A.5.25 - Assessment and Decision on Information Security Events
- ISO 27001 A.5.26 - Response to Information Security Incidents
- A.8.15 Audit Evidence Pack
- ISO 27001 A.8.15 - Logging
- ISO 27001 A.8.16 - Monitoring Activities
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- ISO 27002 Annex A Control Interpretation Map
- A.8.15 Audit Checklist
- Log Source and Retention Register
- Templates MOC