Introduction

Logging is important for developers, system administrators and information security team members.

Log Aggregation

OrgChart logs are aggregated using Splunk SIEM (security information and event management). Log aggregation allows for monitoring of all servers using a single system.

Log Monitoring

Logs are monitored by the data center operations team. Errors, warnings, security alerts and performance issues are proactively detected in order to minimize (or eliminate) impact to the customer.

  • Logs are actively monitored from 6AM PST to 6PM PST Monday through Friday
  • All critical events generate email notifications (24 X 7)
  • There is always one or more data center operations team members monitoring for critical events (24 X 7)
  • Data center operations is responsible for reporting incidents (as defined in the Incident Management Procedure). As soon as an incident is reported, senior management must be informed of the incident via email.

Log Contents

Logs shall contain enough information so that developers and customers can understand and remediate issues. Logs shall never contain confidential customer information.

Log Auditing

Logs are manually audited on a monthly basis for anomalies. Anomalies are managed using the Incident Management Procedure.

Log Retention

The minimum retention for logs is one year; however, certain logs may be retained indefinitely for forensic analysis.

Policy Audit

The Management Oversight Policy and Procedure requires an annual review of this policy.

Revision 1.0.2 - last updated December 11, 2019