Compliance Categories

Identity and Access

The LogLogic^® Compliance Suite - ISO Edition includes reports and alerts to show that all ISO-related systems (that is, networks, applications, and databases) are appropriately secured to prevent unauthorized use, disclosure, modification, damage or loss of data. The risks of non-compliance may result in unauthorized and/or inappropriate access to key systems, which may negatively impact the security, integrity, accuracy, and completeness of information.

Monitoring and Reporting

The LogLogic^® Compliance Suite - ISO Edition includes reports and alerts to allow customers to continuously monitor the IT infrastructure for any security violations. Reports are provided in a format meaningful to the stakeholders. The monitoring statistics should be analyzed and acted upon to identify negative and positive trends for individual services as well as for services overall.

The risks of non-compliance in this area could significantly impact service availability as well as security of the IT infrastructure, which may negatively impact the security, integrity, accuracy, and completeness of information.

Change Management

The LogLogic^® Compliance Suite - ISO Edition includes reports and alerts to show that all systems and system changes are appropriately requested, approved, tested, and validated by authorized personnel before the implementation to the production environment. These reports and alerts can also show that division of roles and responsibilities have been implemented to reduce the possibility for a single individual to subvert a critical process. Management needs to make sure that personnel are performing only authorized duties relevant to their respective jobs and positions.

The risks of non-compliance may result in unauthorized changes and improper roll-out of new source code to key systems. This may negatively impact the security, integrity, accuracy and completeness of information.

Security Management

The LogLogic^® Compliance Suite - ISO Edition includes reports and alerts to show that all network security devices, including firewalls which control computer traffic into a company’s network, as well as IDS systems which monitor the computer traffic, have been configured appropriately to allow only the requested and approved traffic in and out of the network.

The risks of non-compliance may result in unauthorized access from the internet. Often, seemingly insignificant paths to and from the Internet can provide unprotected pathways into key systems. Firewalls are a key protection mechanism for any computer network.

Availability Management

The LogLogic^® Compliance Suite - ISO Edition includes reports and alerts to monitor the availability of critical IT infrastructure components. Alerts can be set up to monitor when critical components are sending abnormal amount of log data, which could indicate attacks on the component or that there’s system errors, or have stopped sending log data, which could indicate failure of these components.

The risk of non-compliance could significantly impact the business viability and could prevent an organization from recording transactions and thereby undermine its integrity.

Continuity Management

The LogLogic^® Compliance Suite - ISO Edition includes reports and alerts to monitor that data are backed up on a regular basis. Reports can be automatically generated to ensure that backups and restores are performed successfully.

Deficiencies in this area could impact the resilience of the infrastructure and the availability of critical resources.