Access monitoring will be as follows;
- All event details on information system will be logged and stored for 6 months for ordinary systems and one year for critical systems.
- All information systems and business application will be monitored, and results of monitoring must be reviewed periodically.
- All system clocks will be synchronised and reviewed for inaccuracy and drift.
- All unsuccessful login attempts to critical servers will be recorded, investigated, and escalated to management.
Compliance management
Compliance with the Access Control Policy is mandatory, as follows;
- Managers will ensure continuous compliance monitoring.
- Compliance with Access Control Policy will be reviewed periodically.
- Violations of the policies, standards, and procedures of will result in corrective action by management, with disciplinary action taken consistent with the severity of the incident, as determined by an investigation, and may include, but not be limited to:
- Loss of access privileges to information assets
- Other actions as deemed appropriate by management, Human Resources, and the legal recourse.
