It is important to constantly and consistently monitor and test your networks to ensure that all security measures are in place and working effectively. You should track and monitor all access to network resources and cardholder data, and regularly test security systems and processes.
What are audit logs?
Audit logs are records of all activities that occur within an iPOS/ePOS system, including login attempts, password changes, and other system events. These systems automatically generate audit logs to provide a comprehensive record of system activity.
Why are they important?
Audit logs are crucial for maintaining security and compliance. The following requirements apply to all iPOS/ePOS users regarding audit logs:
- Retention: Logs must be kept securely for 12 months, with the last 3 months readily available for review.
- Daily review: Logs should be documented and reviewed daily. This process can be automated, allowing the system to identify irregularities that may indicate:
- Attempted targeting by hackers
- Potential system compromise
- Follow-up procedures: A documented process must be in place to address any irregularities found during log reviews.
These measures help ensure early detection of security threats and maintain compliance with security standards.