Logging and Monitoring Policy

Purpose:

The purpose of this policy is to establish guidelines for logging and monitoring activities within the Pitaka platform to ensure that security events, system activities, and access to critical data are recorded, monitored, and analyzed to detect, prevent, and respond to unauthorized activities or breaches, in compliance with Philippine laws and best practices.

Scope:

This policy applies to all systems, applications, and network infrastructure within the Pitaka platform. It covers all employees, contractors, and third-party providers with access to Pitaka systems.

Policy

1. Log Collection and Retention:

  • Logs must be generated and collected from all critical systems, including databases, applications, network devices, and operating systems.
  • Logs should include user access, system changes, transactions, security events, and other significant activities.
  • Logs must be securely stored for a minimum of six (6) months, as required by the Data Privacy Act of 2012 and other relevant regulations.
  • Archived logs must be encrypted and securely stored to prevent unauthorized access or tampering.

2. Types of Logged Events:

The following events must be logged across all Pitaka systems:

  • User access and authentication: Successful and failed login attempts, password/PIN changes, and user session activities.
  • Administrative activities: Changes to system configurations, user roles, and permissions.
  • Transaction activities: All financial and non-financial transactions conducted within the platform.
  • Security-related events: Unauthorized access attempts, malware detection, system anomalies, and failed data integrity checks.
  • System performance metrics: System crashes, performance degradation, or service interruptions.

3. Real-Time Monitoring:

  • All critical systems must be monitored in real time to detect potential security incidents or anomalies.
  • Automated monitoring tools must be implemented to alert the security team of suspicious activities or deviations from normal behavior.
  • Logs and alerts from monitoring systems must be reviewed and analyzed by the IT security team regularly.

4. Incident Detection and Response:

  • Monitoring systems must be capable of detecting and alerting on security incidents, including unauthorized access, data breaches, or other cyber threats.
  • Upon detection of an incident, the IT security team must initiate an investigation and follow the appropriate incident response procedures outlined in the Cybersecurity Event Response Policy.
  • All incidents must be documented, and corrective actions must be taken to prevent future occurrences.

5. Log Access Control:

  • Access to logs must be restricted to authorized personnel only.
  • Logs must be protected from tampering, deletion, or unauthorized modifications.
  • Administrative access to logs must be logged and regularly reviewed to ensure adherence to the Separation of Duties principle.

6. Log Review and Audit:

  • Logs must be reviewed on a regular basis to identify patterns, anomalies, or suspicious activities.
  • Quarterly audits must be conducted on logging and monitoring systems to ensure compliance with this policy and Philippine regulatory requirements.
  • Results from log audits must be documented and reviewed by the compliance and IT security teams.

This policy aligns with the Data Privacy Act of 2012, Cybercrime Prevention Act of 2012, and other relevant regulations within the Philippines. Regular audits and reviews will ensure that logging and monitoring practices comply with applicable laws and industry standards.

8. Logging and Monitoring Tools:

  • Only approved and secure logging and monitoring tools may be used within Pitaka’s systems.
  • Logging tools must support encryption, integrity verification, and secure storage of log data.
  • Monitoring systems must be capable of generating real-time alerts and providing detailed reports for analysis.

9. Log Backup and Recovery:

  • Logs must be regularly backed up to ensure their availability in the event of system failure or disaster.
  • Backup logs must be securely stored in a separate location, ensuring they are protected from unauthorized access.
  • Log recovery procedures must be in place to restore log data in case of loss or corruption.

10. Policy Enforcement:

  • Violations of this policy will result in disciplinary actions, which may include access revocation, termination of employment, or legal consequences, depending on the severity of the violation.
  • The IT security team is responsible for enforcing compliance with this policy and monitoring adherence to logging and monitoring practices.