Security - Logs Management for the Operation of the System
Last updated: 01 December 2022
Ref: 7362056a-e2f1-40c4-b919-u5s2ufn0s76g
Liqvid PTE. LTD. recognizes the importance of logs management for the operation of the system in its AWS infrastructure. This policy outlines the guidelines and procedures to effectively manage logs in accordance with ISO 27001 standard.
This policy applies to all system logs generated within Liqvid PTE. LTD.'s AWS infrastructure, including logs from servers, applications, databases, network devices, and other relevant components.
Logging Policy:
a) Logging Configuration: Liqvid PTE. LTD. ensures that logging is configured appropriately across all systems, applications, and network devices in the AWS infrastructure. This includes enabling relevant log sources and setting appropriate log levels.
b) Log Storage: Logs generated within the AWS infrastructure are securely stored in a centralized and dedicated log management system. The log storage location is designed to protect against unauthorized access, tampering, and loss of log data.
c) Retention Period: Liqvid PTE. LTD. defines and implements a log retention period that aligns with regulatory requirements and the organization's operational needs. Logs are retained for an appropriate duration to facilitate incident investigation, system monitoring, and compliance audits.
d) Backup and Recovery: Regular backups of log data are performed to ensure the availability and integrity of log information. Backup copies of logs are securely stored and protected from unauthorized access or modification.
e) Log Monitoring and Analysis: Logs are regularly monitored and analyzed to detect security incidents, identify anomalies, and support troubleshooting activities. Appropriate tools and technologies are employed to facilitate log analysis and correlation for timely incident response.
f) Log Protection: Access to log files and log management systems is restricted to authorized personnel only. Access controls, such as strong authentication mechanisms and role-based access control (RBAC), are implemented to prevent unauthorized access and modifications.
g) Log Review and Audit: Periodic log review and analysis are conducted to identify and investigate any security events or policy violations. Log review activities are documented, and actions are taken to address any identified issues or vulnerabilities.
Compliance and Reporting:
Liqvid PTE. LTD. maintains documentation and records related to logs management to demonstrate compliance with ISO 27001 and other applicable regulatory requirements. Regular internal audits and reviews are conducted to ensure adherence to this policy.
Training and Awareness:
Employees involved in system operations and log management receive training on the importance of logs, log management best practices, and the organization's logs management procedures. Regular security awareness programs are conducted to promote a culture of effective logs management.
Policy Review:
This policy is reviewed on an annual basis or as required by changes in business needs, technology, or regulatory requirements.
Download Liqvid Logs Management for the Operation of the System