Centralised Logging of Software Errors and Usage
Important software activities and errors are logged to a central system for security tracking.
🏛️ Framework
ASD Information Security Manual (ISM)
🧭 Control effect
Detective
🔐 Classifications
NC, OS, P, S, TS
🗓️ ISM last updated
Nov 2025
✏️ Control Stack last updated
19 Mar 2026
🎯 E8 maturity levels
N/A
Guideline
Guidelines for software development
Topic
Software Event Logging
Security-relevant usage, error messages and crashes for software are centrally logged.
Source: ASD Information Security Manual (ISM)
Plain language
This control is about keeping track of what goes right and wrong in your software by logging errors and important activities to a central location. It matters because if you're not aware of issues, you can't fix them, which can lead to bigger problems like data breaches or software failures that disrupt your business.
Why it matters
Without centralised logging of software errors, crashes and security-relevant usage, incidents may go unseen, delaying detection and causing outages or data compromise.
Operational notes
Configure software to forward errors, crashes and security-relevant usage events to a central log store; monitor/alert on patterns and investigate anomalies promptly.
Implementation tips
- The IT team should set up a central logging system where all software errors and important usage events are recorded. This can be done by integrating logging tools that collect and send data from each software application to a main server where it can be reviewed.
- Managers should ensure that their teams understand the importance of logging software issues. They can achieve this by organising regular training sessions that explain how logging helps catch errors early and prevent larger security incidents.
- IT staff should configure alert mechanisms within the logging system to notify them when certain types of errors or unusual activities occur. This involves setting specific criteria for notifications and ensuring these alerts go to the person who can address the issue immediately.
- Software developers should work with the IT team to identify which activities and errors are security-relevant and need to be logged. This requires reviewing the software’s use cases and potential vulnerabilities to decide what needs to be monitored.
- HR should encourage an organisational culture that reports software issues quickly. This can be fostered by setting up a simple process for staff to report problems, ensuring they know how to do it, and reassuring them that it’s a positive step to improve overall security.
Audit / evidence tips
- Ask: the central logging policy document: Request the policy that outlines how software error and usage logging is handled
  Good: includes a clear responsibility matrix and detailed logging instructions
- Ask: access to the central logging dashboard
  Good: shows a clean interface where different types of events can be reviewed
- Good: will have logs with consistent detail that allows for effective issue tracing
- Ask: a record of alerts triggered by logging: Look to see if the alerts have effectively notified relevant staff about issues
  Good: would contain a list of alerts with follow-ups showing resolution steps
- Good: includes dated training materials and sign-off sheets from attendees
Cross-framework mappings
How ISM-1911 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | | |
| Annex A 8.15 | ISM-1911 requires the centralisation of security-relevant software usage, error messages, and crashes | |
| Supports (1) | | |
| Annex A 8.16 | ISM-1911 mandates centralised logging of software usage, errors, and crashes, which aids the monitoring and evaluation of anomalies under... | |
E8
| Control | Notes | Details |
|---|---|---|
| Depends on (3) | | |
| E8-AH-ML2.15 | E8-AH-ML2.15 requires timely analysis of cyber security events to identify incidents | |
| E8-AC-ML3.4 | E8-AC-ML3.4 requires organisations to analyse event logs from non-internet-facing servers in a timely manner to detect cyber security events | |
| E8-MF-ML3.4 | E8-MF-ML3.4 requires timely analysis of event logs from non-internet-facing servers to detect cyber security events | |