d3 Solutions - Log Management Policy
Purpose
The purpose of this policy is to outline the procedures for the management and retention of logs generated by information systems within the organisation.
​
Scope
​
This policy applies to all information systems that generate logs, including but not limited to servers, network devices, endpoints, and applications.
​
Procedures
​
The following procedures should be followed for log management:
​
- All information systems must generate logs that record activities and events that occur within the system.
- Logs are collected and stored in a secure and tamper-evident manner.
- Logs are retained for a minimum period of 90 days, unless a longer retention period is required by law or regulation.
- Access to logs are restricted to authorised personnel only.
- Logs are regularly reviewed and monitored for security incidents or anomalies.
- Security incidents identified through log monitoring are reported to the incident response team for investigation.
- Logs are regularly backed up and stored offsite to ensure availability in the event of a disaster.
​
Exceptions
​
Exceptions to this policy are approved by the IT department and documented in writing.
​
Enforcement
​
Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
​
Review and Revision
​
This policy will be reviewed annually and revised as necessary to ensure its continued effectiveness and compliance with applicable laws and regulations.
​
​