S 4.358 Logging groupware systems

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Administrator

To be able to monitor the system functions and the system security of a groupware system, security-related events must be logged. In general, the following must be taken into account for logging.

Logging concept

A logging concept must be drawn up. The concept must specify which log data are to be collected and evaluated in the groupware system. Since personal data can also be recorded when logging, the Data Protection Officer and the Personnel or Supervisory Board must be involved in planning the logging concept.

Security of the log data

The data logged can contain important system information and personal data. Access to the log data therefore needs to be restricted. Restricting access may make it necessary to change some settings in the groupware system as well as outside of the groupware system (e.g. at the file level).
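One way to verify the file-level restriction described above, as an added example that is not part of the original safeguard text. The policy it checks (a single owning account, no access for other users, no group write) and the sample file names are assumptions chosen for illustration.

```python
import os
import stat
import tempfile

# Assumed policy: log data belongs to one service account, "other" users get
# no access at all, and the group may read but never write.
FORBIDDEN_BITS = stat.S_IRWXO | stat.S_IWGRP


def audit_log_tree(root, owner_uid):
    """Return (path, reason) findings for directories and files under root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, n) for n in filenames]:
            st = os.lstat(path)  # lstat: inspect a link itself, not its target
            if stat.S_ISLNK(st.st_mode):
                findings.append((path, "symbolic link inside the log tree"))
                continue
            if st.st_uid != owner_uid:
                findings.append((path, f"owner uid {st.st_uid}, expected {owner_uid}"))
            mode = stat.S_IMODE(st.st_mode)
            if mode & FORBIDDEN_BITS:
                findings.append(
                    (path, f"mode {mode:04o} allows group write or access by others"))
    return findings


def make_sample_tree(base):
    """Constructed sample data: three log files with different modes."""
    modes = {"mail.log": 0o640, "admin-audit.log": 0o644, "sync.log": 0o660}
    for name, mode in modes.items():
        path = os.path.join(base, name)
        with open(path, "w") as fh:
            fh.write("constructed sample line\n")
        os.chmod(path, mode)
    os.chmod(base, 0o750)
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, reason in audit_log_tree(make_sample_tree(tmp), os.geteuid()):
            print(f"{path}: {reason}")
```

Run against the real log directory with the uid of the account that is supposed to own the log data; an empty result means the tree matches the assumed policy.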

Evaluating important system events

Important system events such as changes, errors and faults in hardware, operating systems, drivers, services and other software must be logged and evaluated at regular intervals.

When operating more than one groupware system, it is recommended to use a central logging instance so that all events can be evaluated on one system.

Restricting access to monitoring tools

Access to the monitoring tools provided by the groupware system must be restricted to authorised administrators only.

Review questions: