ISO 27001 Maintenance Logs
Hello, I'm trying to find out if ISO 27001 requires a company to have maintenance logs of all systems or whether this is optional?
Assign topic to the user
ISO 27001 does not prescribe keeping maintenance logs.
The need to keep logs is defined by the results of risk assessment and applicable legal requirements, and also by the need to prove to auditors that security processes are being performed. These are the elements that will help you define which information must be logged, as well as the systems that must be logged.
These articles will provide you a further explanation about logging:
- Logging and monitoring according to ISO 27001 A.12.4 https://advisera.com/27001academy/logging-according-to-iso-27001/
- Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/
This material will also help you regarding logging:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
Comment as guest or Sign in
Jul 09, 2020