The purpose of this policy is to ensure that IRIS Connect appropriately collects, protects, and utilizes log data to support operational needs, regulatory compliance, and incident response activities.
This policy applies to all IRIS Connect's systems, networks, and applications that generate log data, and all employees and contractors who have responsibilities for handling these logs.
3. Policy Statements
3.1 Log Data Collection
- All systems, networks, and applications must generate appropriate log data. This includes but is not limited to: system events, network traffic data, user login/logout activities, file access, and security events.
- Systems should be configured to synchronize their timestamps with a trusted time source to ensure accuracy of log data.
3.2 Log Data Protection
- Log data must be transmitted and stored securely to maintain its integrity and confidentiality. This includes the use of encryption and access controls as necessary.
- Logs must be stored in a centralized log management system to support efficient analysis and review.
3.3 Log Data Review
- Logs must be reviewed regularly for indications of suspicious activity or policy violations. This includes automated analysis and alert generation using appropriate tools.
- All findings from log reviews should be documented and communicated to relevant stakeholders as necessary.
3.4 Retention and Disposal
- Log data must be retained for a period consistent with legal, regulatory, and operational requirements. After this period, logs should be disposed of securely.
- Log data related to identified security incidents must be retained until the incident has been fully resolved and any subsequent investigations or legal actions are complete.
4. Roles and Responsibilities
- The IT and Security teams are responsible for the implementation and management of log collection, protection, review, and disposal processes.
- All employees and contractors are required to comply with this policy and to report any suspected violations.
- Compliance with this policy will be audited regularly. Any non-compliance issues identified will be addressed and corrected in a timely manner.
- Violations of this policy may result in disciplinary actions as deemed appropriate by IRIS Connect's management.
6. Policy Review and Updates
This policy will be reviewed and updated on an annual basis or whenever there are significant changes to the organization's systems, the threat landscape, or relevant legal and regulatory requirements.