Logging policy


The logging policy defines requirements for logging and monitoring.

The policy is applicable to all internal Systems and (cloud) services.



  • Recording (special) PII in log files should be avoided
  • Access to special PII should be logged
  • Log files should be protected from deletion or modification
  • All logging systems should be synchronized with the same NTP source
  • Log files are kept at least 30 days


Usage logs of access to special PII should be monitored by the respective system owner