DS13.3 IT Infrastructure Monitoring
Define and implement procedures to monitor the IT infrastructure and related events. Ensure sufficient chronological information is being stored in operations logs to enable the reconstruction, review and examination of the time sequences of operations and the other activities surrounding or supporting operations.
Illustrative Controls and the TIBCO LogLogic Solution
Managing operations addresses how an organization maintains reliable application systems in support of the business to initiate, record, process and report financial information. Deficiencies in this area could significantly impact an entity’s financial reporting. For instance, lapses in the continuity of application systems might prevent an organization from recording financial transactions and thereby undermine its integrity.
System event data must be sufficiently retained to provide chronological information and logs to enable the review, examination and reconstruction of system and data processing.
System event data can also be used to provide reasonable assurance as to the completeness and timeliness of system and data processing.
To satisfy this control objective, administrators must ensure all financial reporting related network devices, servers, and applications are properly configured to log to a centralized server.
Administrators must also periodically review logging status to ensure these devices, servers and applications are logging correctly.
Review of these reports must be shown to auditors to satisfy this requirement.
Continuously monitor the availability of the IT infrastructure using behavioral-based alerts. Configure alerts to monitor performance of firewalls, routers, switches, servers, and applications and operating systems to be notified immediately if there’s a failure.