Logging & Monitoring Policy

1. Purpose

To ensure security-relevant events are logged and monitored so issues can be detected and investigated.

2. Scope

Critical systems, cloud platforms, source control, and applications we operate.

3. Logging

• We collect logs of authentication, access, and administrative actions where available.
• Logs are protected against tampering and retained for a defined period sufficient for investigation.

4. Monitoring & alerting

• Alerts are configured for security-relevant events and availability issues.
• Access and activity are reviewed periodically.

5. Review

This policy is reviewed at least annually.