Develop and Maintain Event Logging Policies
Ensure a policy is in place to record and monitor events.
Plain language
Having a policy to log and monitor events means you keep a record of important actions that happen on your computer systems. This is crucial because without such records, if something goes wrong (such as data being stolen), you won't know how it happened or how to fix it.
Framework
ASD Information Security Manual (ISM)
Control effect
Proactive
Classifications
NC, OS, P, S, TS
ISM last updated
Nov 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for system monitoring
Section
Event logging and monitoring
Topic
Event Logging Policy
Official control statement
An event logging policy is developed, implemented and maintained.
Why it matters
Without an event logging policy, key events may not be captured or retained, reducing detection capability and hindering timely investigation and incident response.
Operational notes
Maintain an event logging policy defining what to log, roles, review cadence, alerting and retention; periodically validate coverage and update for system changes.
Implementation tips
- The business owner should work with an IT consultant to develop a clear policy on what events need logging. This means deciding which actions or system changes should be recorded, like logins or data changes.
- The IT team should implement the logging policy using available tools. They can start by configuring software to automatically record the specified actions and ensure logs are stored securely.
- Managers should oversee that staff are trained to follow the logging policy. This includes briefing employees on what actions are being logged and why it's essential for the business.
- The IT team should regularly review and update the logging tools and policies as the business changes. They can do this by scheduling bi-annual checks and updating logs as new threats and systems are identified.
- Managers should ensure there is a process for regular reviews of these logs to look for unusual activity. Appoint a trusted staff member to check logs weekly and report any anomalies promptly.
Audit / evidence tips
- Ask: the most recent version of the event logging policy document
  Good: a dated document with a list of events, update history, and responsible persons for each section
- Ask: the staff training records related to event logging policies
  Good: recent training completion records for all relevant staff
- Ask: a demonstration of the logging tool in use
- Ask: maintenance records of the logging system
- Ask: a report of the last log review meeting
Cross-framework mappings
How ISM-0580 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially overlaps (2) | | |
| Annex A 5.28 | ISM-0580 requires an organisation to develop, implement and maintain an event logging policy to ensure events are recorded and monitored | |
| Annex A 8.15 | ISM-0580 requires an organisation to develop, implement and maintain an event logging policy to ensure events are recorded and monitored | |
E8
| Control | Notes | Details |
|---|---|---|
| Supports (10) | | |
| Depends on (4) | | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.