Introduction
Logging is important for developers, system administrators and information security team members.
Log Aggregation
OrgChart logs are aggregated using Splunk SIEM (Security information and event management). Log aggregation allows for monitoring of all servers using a single system.
Log Monitoring
Logs are monitored by data center operations team. Errors, warnings, security alerts and performance issues are proactively detected in order to minimize (or eliminate) impact to customer.
- Logs are actively monitored from 6AM PST to 6PM PST Monday through Friday
- All critical events generate email notifications (24 X 7)
- There is always one or more data center operations team members monitoring for critical events (24 X 7)
- Data center operations is responsible for reporting incidents (as defined in the Incident Management Procedure). As soon as an incident is reported, senior management must be informed of the incident via email.
Log Contents
Logs shall contain enough information so that developers and customers can understand and remediate issues. Logs shall never contain confidential customer information.
Log Auditing
Logs are manually audited on a monthly basis for anomalies. Anomalies are managed using the Incident Management Procedure.
Log Retention
The minimum retention for logs is one year; however, certain logs may be retained indefinitely for forensic analysis.
Policy Audit
The Management Oversight Policy and Procedure requires an annual review of this policy.
Revision 1.0.2 - last updated December 11, 2019
