ISM-1983: ASD Information Security Manual (ISM)

Timely Centralisation of Event Logs

Ensure event logs are quickly sent to a central logging facility to keep track of important activities.

Plain language

This control ensures that all records of important events on your computer systems, like logins or file changes, are promptly sent to a central system. This matters because it makes it easier to spot unusual activity quickly, helping to prevent security issues and keep your business running smoothly.

Framework

ASD Information Security Manual (ISM)

Control effect

Preventative

Classifications

NC, OS, P, S, TS

ISM last updated

Nov 2024

Control Stack last updated

19 Mar 2026

E8 maturity levels

N/A

Official control statement

Event logs sent to a centralised event logging facility are done so as soon as possible after they occur.
ASD Information Security Manual (ISM), ISM-1983

Why it matters

If logs aren’t centralised promptly, correlation and alerting are delayed, reducing visibility and slowing incident response to malicious activity.

Operational notes

Monitor and alert on log-forwarding delays and failures; confirm systems send events to the central logging facility immediately after generation.
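One way to check forwarding delay and failure from the central side, as an added example that is not part of the ISM or of this page. The record layout, host names and both thresholds are assumptions; the control itself sets no numeric limit.

```python
from datetime import datetime, timedelta, timezone

# Assumed thresholds: ISM-1983 says "as soon as possible" and sets no number.
MAX_LAG = timedelta(seconds=60)      # event generated -> received centrally
MAX_SILENCE = timedelta(minutes=15)  # nothing received from a host at all

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def forwarding_findings(records, expected_hosts, now):
    """Return {host: [finding, ...]} for hosts that forward late or not at all.

    records: iterable of (host, event_time, received_time) exported from the
    central logging facility (hypothetical field layout).
    """
    worst_lag, last_seen = {}, {}
    for host, event_ts, received_ts in records:
        received = parse(received_ts)
        lag = received - parse(event_ts)
        worst_lag[host] = max(worst_lag.get(host, lag), lag)
        last_seen[host] = max(last_seen.get(host, received), received)

    findings = {}
    for host in sorted(expected_hosts):
        issues = []
        if host not in last_seen:
            # A host that never reports is a failure, not an absence of data.
            issues.append("no events received")
        else:
            if worst_lag[host] > MAX_LAG:
                issues.append(f"forwarding lag {int(worst_lag[host].total_seconds())}s")
            if now - last_seen[host] > MAX_SILENCE:
                issues.append("forwarding stalled")
        if issues:
            findings[host] = issues
    return findings

# Constructed sample export (not real data).
SAMPLE = [
    ("web01", "2026-03-19T02:00:00Z", "2026-03-19T02:00:02Z"),
    ("web01", "2026-03-19T02:10:00Z", "2026-03-19T02:10:03Z"),
    ("db01",  "2026-03-19T01:00:00Z", "2026-03-19T02:05:00Z"),  # hourly batch upload
    ("fs01",  "2026-03-19T01:30:00Z", "2026-03-19T01:30:01Z"),  # then goes quiet
]
NOW = parse("2026-03-19T02:12:00Z")
EXPECTED = {"web01", "db01", "fs01", "dc01"}  # asset inventory (assumed)

if __name__ == "__main__":
    for host, issues in forwarding_findings(SAMPLE, EXPECTED, NOW).items():
        print(host, "->", "; ".join(issues))
```

Comparing against an inventory of expected hosts is what surfaces a device that was never configured to forward, which a lag calculation alone cannot see.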

Implementation tips

  • The IT team should ensure all event logs are configured to be sent to a central system. They can do this by setting up each computer or device to automatically send logs as soon as they are created, using built-in system settings.
  • System owners should regularly verify that logs are being sent correctly. They can do this by checking the central log system for recent entries from each machine or device they manage.
  • Managers should schedule regular reviews of the central log system's performance. They can do this by setting monthly meetings with the IT team to go over system logs and discuss any issues that have been identified.
  • The IT team should set up alerts for unusual log activity in the central system. They can use simple settings to send emails or notifications if certain types of rare or suspicious events are logged.
  • HR should work with the IT team to ensure staff understand why logging is important. This can be done through a short training session explaining how timely logs help protect the company and keep information safe.

Audit / evidence tips

  • Ask for the log transmission settings from each system or device

    Good is seeing automatic settings that push logs immediately after events occur

  • Good is a report that shows frequent entries from each networked device

  • Ask for details on the alert configurations for unusual event logs

    Good includes a wide range of alerts with clear notification processes

  • Good is notes that highlight issues addressed and solutions proposed

  • Ask for evidence of staff training on the importance of logging

    Good is training slides or handouts and a sign-in sheet with participant names

Cross-framework mappings

How ISM-1983 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.

ISO 27001

Partially meets (1)

Control: Annex A 8.15
Notes: ISM-1983 requires event logs to be sent to a centralised event logging facility as soon as possible after they occur

E8

Supports (3)
Depends on (3)

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.