Auditing and Monitoring Strategy Plan
EventLinx uses continuous monitoring and scheduled audits to maintain visibility across systems, detect issues early, and support our incident response process.
Monitoring applies across identity systems, infrastructure, endpoints, and administrative activity, with coverage scaled based on system sensitivity and risk.
What we monitor
We maintain oversight across three core areas: identity, infrastructure, and endpoints.
Identity monitoring focuses on authentication activity such as login attempts, MFA failures, privilege changes, and administrative actions. Infrastructure monitoring tracks system health, database activity, and network or service-level anomalies. Endpoint monitoring helps detect malware, suspicious processes, or unauthorized software activity on managed devices.
These signals are continuously logged and reviewed through centralized security tooling.
Monitoring cadence
| Frequency | Activity |
|---|---|
| Ongoing | Automated alerts, log monitoring, anomaly detection |
| Weekly | Security and vulnerability scans, log integrity checks |
| Monthly | User access reviews and privileged account checks |
| Quarterly | Compliance and control effectiveness reviews |
| Annually | External security assessments or penetration testing (where applicable) |
Roles and responsibilities
Security monitoring is primarily handled by the SecOps and IT teams, who respond to alerts and investigate anomalies. System administrators ensure logs and monitoring tools remain operational and correctly configured.
Compliance and leadership teams review audit outputs and escalate significant issues when required. Management also approves exceptions or risk decisions when controls cannot be fully applied.
What logs contain
System logs are structured to support consistent and reliable investigation. Each record typically includes who performed an action, what event occurred, when it happened (with clocks synchronized to a common time standard so records from different systems can be correlated), the source of the activity, and whether it succeeded or failed.
This structure allows EventLinx to investigate incidents accurately and reconstruct events when needed.
Log retention
Logs are retained based on operational and legal requirements.
Security and audit logs are generally kept for up to 365 days, with recent data stored in faster-access systems and older data archived securely. System performance logs are kept for shorter periods, typically around 30 days, unless extended retention is required for troubleshooting or legal reasons.
Some specialized records may be retained longer where required by law or contractual obligations.
Protecting monitoring data
Logs and monitoring data are protected using encryption both in transit and at rest. Storage systems are designed to reduce tampering risk, and access is restricted to authorized personnel only.
If logging for a critical system stops unexpectedly, alerts are triggered and the issue is treated as a priority until resolved.
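As an added illustration of the two checks described above (the who/what/when/source/outcome record structure, and alerting when a critical system goes silent), the following script validates a constructed batch of records and reports logging gaps per system. It is example code written for this page, not EventLinx's tooling; the field names, the `system` tag, and the 15-minute silence threshold are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Assumed record schema: who / what / when / source / outcome.
REQUIRED_FIELDS = ("actor", "event", "timestamp", "source", "outcome")
# Assumed threshold: silence longer than this on a critical system raises an alert.
GAP_THRESHOLD = timedelta(minutes=15)

# Constructed sample records (not real data). Record 2 is missing its outcome,
# and the "db" system has a 40-minute silence between its two records.
SAMPLE_LOGS = [
    {"system": "idp", "actor": "alice", "event": "login", "timestamp": "2024-05-01T09:00:00Z",
     "source": "10.0.0.5", "outcome": "success"},
    {"system": "idp", "actor": "bob", "event": "mfa_challenge", "timestamp": "2024-05-01T09:05:00Z",
     "source": "10.0.0.9", "outcome": "failure"},
    {"system": "idp", "actor": "alice", "event": "role_change", "timestamp": "2024-05-01T09:07:00Z",
     "source": "10.0.0.5"},
    {"system": "db", "actor": "svc-report", "event": "query", "timestamp": "2024-05-01T09:00:00Z",
     "source": "10.0.1.2", "outcome": "success"},
    {"system": "db", "actor": "svc-report", "event": "query", "timestamp": "2024-05-01T09:40:00Z",
     "source": "10.0.1.2", "outcome": "success"},
]


def parse_ts(value):
    """Parse a UTC ISO-8601 timestamp (trailing Z) into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_records(records):
    """Return the indices of records that lack any required field."""
    return [i for i, r in enumerate(records)
            if any(field not in r for field in REQUIRED_FIELDS)]


def find_logging_gaps(records, now, threshold=GAP_THRESHOLD):
    """Per system, return (system, gap_start, gap_end) for every silence longer
    than threshold, including the stretch from the last record up to now."""
    by_system = {}
    for r in records:
        by_system.setdefault(r["system"], []).append(parse_ts(r["timestamp"]))
    gaps = []
    for system, times in by_system.items():
        times.sort()
        for start, end in zip(times, times[1:] + [now]):
            if end - start > threshold:
                gaps.append((system, start, end))
    return gaps


if __name__ == "__main__":
    now = parse_ts("2024-05-01T09:45:00Z")
    print("malformed records:", validate_records(SAMPLE_LOGS))
    for system, start, end in find_logging_gaps(SAMPLE_LOGS, now):
        print(f"ALERT {system}: no logs from {start.isoformat()} to {end.isoformat()}")
```

In practice the gap check would run on a schedule against the live log store, and the record validation would sit at the ingestion point so malformed events are caught before they reach analysts.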
Remediation and escalation
Issues identified through monitoring are prioritized based on severity. Critical issues require immediate attention and are escalated quickly if not resolved. High-priority issues are handled within defined operational timelines, while lower-priority findings are scheduled into regular maintenance cycles.
This ensures that serious risks are addressed without delaying routine improvements.
Reporting
Monitoring outputs are shared in different formats depending on audience and purpose. Security teams work with real-time dashboards, while compliance and leadership receive periodic summaries of key risks and findings. These reports are internal only and not published on this documentation site.