17. HealthSafe System Monitoring Event Monitoring Policy




SYSTEM MONITORING EVENT MONITORING POLICY



Document Identification: HSNZ/POL/17
Document Name: Firewall Policy
Master Copy: CISO
Version Number: 1.3
Date Of Release: 15 Aug 2023
Prepared By: Eparama Tuibenau, CISO
Approved by: Kevin McAfee, Managing Director


 


VERSION HISTORY


| Sl No | Version No. (From) | Version No. (To) | Prepared by | Approved by | Description of Version | Date | Reason for Version Change |
|---|---|---|---|---|---|---|---|
| 1 | 1.0 | - | CISO | MD | First Release | 14 Apr 2020 | No changes made |
| 1 | 1.0 | 1.1 | CISO | MD | Updated | 26 Jun 2021 | Modifications due to changes in HealthSafe |
| 1 | 1.1 | 1.2 | CISO | MD | Reviewed | 28 Jul 2022 | Annual review |
| 1 | 1.2 | 1.3 | CISO | MD | Reviewed | 15 Aug 2023 | Annual review |


DOCUMENT STATUS


| Date | Document Status |
|---|---|
| 14 Apr 2020 | Modified |
| 26 Jun 2021 | Reviewed |
| 28 Jul 2022 | Reviewed |
| 15 Aug 2023 | Current |


Table of Contents

1 Purpose
2 Scope
3 Input
4 Output
5 Interacting Process
6 Abbreviations, Acronyms and Definitions
7 Procedure
8 Monitoring the Process
9 Records




  1. PURPOSE
    The purpose of this document is to establish and maintain a policy for system monitoring and event monitoring for HealthSafe NZ.

  2. SCOPE
    These procedures apply to all aspects of system monitoring and event monitoring.

  3. ABBREVIATIONS, ACRONYMS AND DEFINITIONS

| Abbreviation | Description |
|---|---|
| HR | Human Resources |
| TL/PM | Team Lead / Project Manager |
| CISO | Chief Information Security Officer |


4 INPUT

All laptops, tablets, and servers


5 OUTPUT

To ensure all systems strictly adhere to the procedures


6 INTERACTING PROCESS

All users


7 PROCEDURE

The IT team will check the following logs on a regular basis for signs of problems or issues and report them to the CISO accordingly.

  • WAF logs
  • Antivirus logs
  • System error logs
  • Data backup and recovery logs
  • User access and privilege logs
  • Capacity planning reports

Logs shall include:

  • User IDs;
  • Dates, times and details of key events;
  • Records of successful and rejected system access attempts;
  • Changes to system configuration;
  • Privileges;
  • Use of system utilities and applications;
  • IP addresses that attempted access;
  • Server resource activity logs.

Any security issues discovered will be reported to the CISO for follow-up investigation.

8 Monitoring the Process

  • The IT team will monitor adherence to the procedure through the BitNinja dashboard, Slack notifications, and AWS Security Hub

9 Records

  • AWS Security Hub
  • BitNinja Dashboard
  • CRM ticket logging
  • Slack notifications