Logging policy
Summary
The logging policy defines requirements for logging and monitoring.
The policy is applicable to all internal Systems and (cloud) services.
Principles
Logging
- Recording (special) PII in log files should be avoided
- Access to special PII should be logged
- Log files should be protected from deletion or modification
- All logging systems should be synchronized with the same NTP source
- Log files are kept at least 30 days
Monitoring
Usage logs of access to special PII should be monitored by the respective system owner
Updated over 1 year ago