📢 Join Ecotrak for our Q3 Product Roadmap Webinar - July 23rd!

Legal

Security Logging Policies and Procedures

Document Revision History

  • Revision Date: April 4, 2024

  • Previous Revision Date: January 12, 2023

  • Change Summary: Updated log retention policy to specify a 1-year retention period for AWS and Google Workspace Services (GWS) logs. Enhanced guidelines for log protection and access.

Introduction

This document outlines the Security Logging Policies and Procedures for Ecotrak, establishing the framework for logging, monitoring, analyzing, and retaining security-related logs, with a specific focus on AWS and GWS logs.

Policy Statement

Ecotrak is committed to effective and responsible logging practices that safeguard the company's digital and informational assets. A key aspect of this commitment is the retention of logs from critical environments such as AWS and GWS for a period of 1 year, supporting our goals for security, compliance, and operational integrity.

Scope

This policy applies to all Ecotrak operations involving the use of AWS and GWS, affecting all employees, contractors, and third-party service providers.

Security Logging Framework

1. Log Collection

  • Comprehensive Coverage: Logs from all critical components within AWS and GWS environments are collected, including access logs, transaction logs, and system events.

2. Log Monitoring and Analysis

  • Real-time Monitoring: Continuous monitoring of logs to identify and respond to potential security threats in real-time.

  • Anomaly Detection: Use of advanced tools to detect unusual patterns that could indicate a security incident.

3. Incident Response and Management

  • Alerting Procedures: Defined escalation paths for different types of alerts, ensuring swift response to potential incidents.

  • Investigation Support: Utilization of log data to facilitate thorough investigations into security incidents.

4. Log Retention and Protection

  • Retention Policy: AWS and GWS logs are retained for a period of 1 year to comply with legal, regulatory, and operational requirements.

  • Data Protection: Logs are stored securely, with encryption in transit and at rest, to protect against unauthorized access and tampering.

5. Compliance and Audit

  • Compliance Reviews: Regular audits to verify adherence to the log retention policy and other logging practices.

  • Audit Support: Retained logs are made available for internal and external audits, supporting transparency and accountability.

Responsibilities

  • IT Security Team: Oversees the implementation and compliance of the logging and retention policies for AWS and GWS.

  • Compliance Officer: Ensures that logging practices meet legal and regulatory standards, including the 1-year log retention requirement.

Review and Maintenance

  • This policy will be reviewed annually or following significant changes to operations or regulatory requirements, ensuring its continued relevance and effectiveness.

  • Any amendments to the policy will be communicated across Ecotrak to maintain widespread awareness and compliance.