9:010-AP5 Audit Log Management
Purpose
This procedure establishes expectations for the management of audit logs generated by District information systems. Audit logs support accountability, system reliability, security monitoring, and compliance with applicable laws and Board policy.
Scope
This procedure applies to:
- District-owned information systems
- District-managed information systems
- Systems that store, process, or transmit District data
- Vendor-hosted or third-party systems used to provide District services that store, process, or transmit District data.
Procedure
I. Audit Logging
- Audit logging shall be enabled, where technically feasible, on information systems that support user authentication, access control, or changes to system configurations. Where audit logging is not technically feasible, the limitation shall be documented and, where appropriate, compensating controls shall be considered.
- Audit logs shall record sufficient information to support security monitoring, investigations, and operational review.
II. Protection of Audit Logs
- Audit logs shall be protected from unauthorized access, modification, or deletion.
- Access to audit logs shall be limited to authorized personnel with a legitimate operational or security need.
III. Review and Monitoring
- Audit logs shall be reviewed periodically to identify unusual, unauthorized, or policy-violating activity. Reviews shall be documented in a manner sufficient to demonstrate completion, exceptions, and follow-up action.
- Potential security incidents identified through log review shall be addressed in accordance with applicable incident response procedures.
IV. Retention and Disposal
- Audit logs shall be retained and disposed of in accordance with Board policy, legal requirements, applicable records retention guidance, and Local Records Commission–approved retention schedules and applicable law.
- Audit logs shall be securely disposed of once retention requirements have been met.
V. Roles and Responsibilities
- The Superintendent or designee shall ensure audit log management practices are implemented and maintained.
- The Technology Department shall configure and maintain audit logging; support log review, investigations, and audits; and coordinate with vendors regarding audit logging, access, and retention requirements for vendor-managed systems.
- Users acknowledge that system activity may be logged and reviewed in accordance with District policy.
VI. Exceptions
Exceptions to this procedure must be documented, justified by operational need or technical limitation, approved by the Superintendent or designee, and reviewed at intervals appropriate to the risk.
VII. Compliance and Review
Failure to comply with this procedure may result in disciplinary action and/or legal consequences.
This procedure shall be reviewed at least annually and updated as necessary to reflect changes in law, Board policy, technology, cybersecurity risk, or District operations.
