10.2.2 Monitoring and Review of Third Party Services

Illustrative Controls and TIBCO LogLogic Solution

The process of defining and managing service levels addresses how an organization meets the functional and operational expectations of its users and ultimately, the objectives of the business. Deficiencies in this area could significantly impact reporting and disclosure of an entity. For example, if systems are poorly managed or system functionality is not delivered as required, information might not be processed as intended.

To satisfy this control objective, administrators must configure alerts to ensure that all critical application failures, including firewalls, routers, switches, servers, and applications, are notified immediately. Alerts must be reviewed periodically. In addition, administrators must perform independent reviews on the security, availability, and processing integrity of third-party service providers by continuously monitoring the service level agreements through adequate logging and reporting.

The LogLogic^® Compliance Suite - ISO Edition can continuously monitor the availability of the IT infrastructure using behavioral-based alerts. Administrators can configure alerts to monitor performance of firewalls, routers, switches, servers, applications, and operating systems so they can be notified immediately if of failures. Real-time reports and custom, regular-expression searches also enable administrators to quickly identify and determine the root cause of any problems. This further mitigates risk and minimizes interruptions to service availability.

Reports and Alerts

Use the following link/reference to see the 10.2.2 reports and alerts: TIBCO LogLogic Reports and Alerts Quick Reference.