Audit Log Management Policy
Overview
Section titled “Overview”Code Town employs a robust logging system, tracking detailed information on actions within production systems, including the initiator, timing, and origin of each action. This is the foundation of a comprehensive audit system that allows Code Town employees to identify and remediate any security incidents that occur on the platform.
Policy Statements
Section titled “Policy Statements”-
All Code Town production systems must log any security related events. This includes but is not limited to:
a. Login attempts
b. Administration account actions
c. Any changes to a user’s privileges
d. Major application lifecycle events (crashes, startup, shutdown)
-
All logs must be securely transmitted from the production system to a dedicated tamper evident audit log datastore.
-
The dedicated audit log datastore must have sufficient storage capacity to retain audit logs for at minimum of 12 calendar months.
-
All audit logs must be handled according to any Privacy regulation that covers the data collected by the audit log system.
-
High-risk audit events must be regularly reviewed and any indications of a security incident identified in accordance with the Incident Response Policy.
Review Log
Section titled “Review Log”| Review Date | Approver |
|---|---|
| June 10, 2026 | Eric Seidel |