Expert Advice Community

Guest

Record keeping

  Quote
Guest
Guest user Created:   Jul 29, 2020 Last commented:   Jul 29, 2020

Record keeping

I have a question: Do I really have to record every finger swipe in logs and keep them somewhere? I mean at some point I really have to work and I try not to set up a document monster here.

You could help me by giving a recommendation on how to simplify this or what the minimum retention requirements are to get the certification.

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jul 29, 2020

1 - Do I really have to record every finger swipe in logs and keep them somewhere? I mean at some point I really have to work and I try not to set up a document monster here.

Answer: Unless you have legal requirements (e.g., laws, regulations, or contracts) demanding you to record every finger swipe in logs and keep them, you only need to record and keep the logs you understand are sufficient to provide confidence to management, customers and other interested parties that you can protect information properly.

2 - You could help me by giving a recommendation on how to simplify this or what the minimum retention requirements are to get the certification.

Answer: First is important to note that ISO 27001 does not prescribe minimum log retention requirements.

Considering that, you can make you work simpler by only logging finger swipes from the most critical systems, from the users that can perform critical activities, and adopt additional controls that can replace the need for keep logs for a long time (e.g., performing regular reviews). 

These articles will provide you a further explanation about logging:
- Logging and monitoring according to ISO 27001 A.12.4 https://advisera.com/27001academy/01academy/emy/ademy/my/blog/15/11/23/logging-and-monitoring-according-to-iso-27001-a-12-4/
- Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/01academy/emy/ademy/my/blog/14/11/24/records-management-in-iso-27001-and-iso-22301/
- 5 ways to avoid overhead with ISO 27001 (and keep the costs down) https://advisera.com/27001academy/01academy/emy/ademy/my/blog/12/06/19/5-ways-to-avoid-overhead-with-iso-27001-and-keep-the-costs-down/

This material will also help you regarding logging:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/rols-plain-english/annex-controls-plain-english/-english/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jul 29, 2020

Jul 29, 2020

Suggested Topics