What is ISO 27001:2022 Annex A 8.15 Logging?
Annex A 8.15 requires organisations to record security events, user activities, and exceptions. This is a documented process integrated into your existing business tools. You must store and protect these logs to prevent unauthorised changes. Local ownership ensures logs remain available for future security investigations.
Auditor’s Eye: The Shortcut Trap
Many firms rely on “Black Box” SaaS platforms for logging compliance. These platforms show a green tick but lack human oversight. As an auditor, I look for log review evidence in your internal SharePoint minutes. I check Jira for investigation notes on alerts. Software can collect data, but it cannot manage it for you. Relying on automation leads to surface-level compliance. True security requires proof that your team actively reviewed the logs within your own systems.
| ISO 27001:2013 Control | ISO 27001:2022 Control | Key Changes |
|---|---|---|
| A.12.4.1, A.12.4.2, A.12.4.3 | Annex A 8.15 | Renumbered and consolidated. Wording emphasises protection and management review. |
How to Implement ISO 27001:2022 Annex A 8.15 (Step-by-Step)
Effective logging starts with a clear policy within your SharePoint library. This approach ensures all technical staff follow identical rules. You must treat logging as a cultural change rather than a software install. Follow these steps for an integrated approach.
- Define your logging requirements in a SharePoint document.
- Identify all critical systems that must generate logs.
- Establish automated Jira tasks to ensure monthly log reviews happen.
- Document the results of every review in your internal wiki.
- Secure your log files using SharePoint folder permissions.
- Update your retention schedule to meet legal obligations.
- Review log alerts during your monthly security committee meetings.
ISO 27001:2022 Annex A 8.15 Logging Audit Evidence Checklist
Auditors want to see manual records that prove human intent. Your internal document versions show the history of your security management. Focus on these items in your repositories.
- Logging and Retention Policy with SharePoint version history.
- Jira tickets showing assigned and completed log review tasks.
- Management meeting minutes discussing log anomalies.
- Screenshots of file permissions for log storage areas.
- Internal audit reports on log integrity and availability.
Relational Mapping
Control A 8.15 does not exist in isolation. It supports several other ISO 27001 controls:
- Annex A 8.16: Monitoring activities rely on accurate logs.
- Annex A 5.24: Information security incident management needs log data.
- Clause 9.1: Monitoring, measurement, analysis, and evaluation.
Auditor Interview
Auditor: How do you ensure your logs are not tampered with?
Manager: We store logs in a restricted SharePoint area. Only the IT Lead has access. We review the access logs monthly.
Auditor: Where is the evidence of your last log review?
Manager: I can show you the Jira ticket. It contains the review date and the manager sign-off.
Common Non-Conformities
| Failure Mode | Description | Corrective Action |
|---|---|---|
| Automated Complacency | Relying on a platform’s green tick without procedural evidence. | Record log reviews in SharePoint meeting minutes. |
| Incomplete Logs | Critical systems are not sending logs to the repository. | Update your system inventory in Confluence. |
| No Retention Policy | Logs are deleted too early or kept indefinitely. | Publish a retention schedule in SharePoint. |
Frequently Asked Questions
What is ISO 27001 Annex A 8.15 Logging?
Bottom Line Up Front: It is the requirement to record and protect security events. You must manage this using your internal tools like SharePoint. This ensures you can investigate incidents and prove compliance. Proper logging proves that you have active control over your environment.
How do I prove log reviews to an auditor?
Bottom Line Up Front: Show records of human review. Use Jira tickets or SharePoint minutes. Do not just show the logs themselves. An auditor wants to see that someone looked at them. This proves the process is business-as-usual.
Why use SharePoint for logging documentation?
Bottom Line Up Front: SharePoint offers version control and audit trails. It keeps your security evidence in one place. This is better than using separate SaaS tools. It keeps your compliance data under your direct control.
