IT Security Logging Standard


Application


This standard applies to all IT users whether at the University or elsewhere, and refers to all IT resources.

Purpose


This standard serves to regulate the collection and retention of logging information and log data in the University environment. Generally, the purpose of collecting logs is to anticipate and avert significant threats or hazards to IT resources.

Standards


  1. IT resources may be monitored by authorised members of ITS, or authorised third parties contracted on behalf of ITS
  2. Logs are kept secure and are only available to authorised IT users and will only be kept as long as necessary, in line with current data protection guidelines
  3. Logs will be retained for as long as required by applicable law
  4. IT resources may be monitored and logged for all lawful purposes including:
  • tracking the flow of network traffic
  • facilitating and improving capacity planning
  • identifying areas for improvement, including provision of teaching and learning facilities
  • maintaining good availability of network bandwidth
  • ensuring use of resources is authorised
  • management of systems
  • protecting against unauthorised access
  • ensuring system security
  • compliance with University policies and regulations and any other appropriate regulations all IT users must comply with
  • avoiding or mitigating legal liabilities and complying with legal obligations
  • preventing and detecting crime
  • recording the date/time of transactional based events

Definitions


The following definitions apply to this document:

Authorised refers to an IT user who has been given permission to access the requested data by a member of SMT, the Director IT Services or the Director IT Strategy Policy & Planning

IT resources refers to any University owned or operated hardware or software and the data that is used or stored on it

IT user means any member of the University community using IT resources

University means the University of Auckland and includes all subsidiaries

University community includes all staff members (whether permanent, temporary or part time), honorary staff, students (whether full time or part time), contractors, subcontractors, consultants, alumni, associates, business partners or official visitors or guests of members of the University or UniServices

Document management and control


Owned by: CIO

Content manager: IT Risk and Strategy Manager

Approved by: The Vice-Chancellor

Date approved: January 2017

Review date: January 2020