Security Event Monitoring Procedure Free Template

Here is the complete Security Event Monitoring Procedure document (PRC-IT-007), aligned with SOC 2 Trust Criteria CC7.1 and CC7.2:

1. Document Control

  • Document Title: Security Event Monitoring Procedure

  • Document Identifier: PRC-IT-007

  • Version Number: v1.0

  • Approval Date: <24 June 2025>

  • Effective Date: <24 June 2025>

  • Review Date: <24 June 2026>

  • Document Owner: <Director of Information Security>

  • Approved By: <Information Security Governance Committee>

2. Purpose

The purpose of this Security Event Monitoring Procedure is to define the standardized process by which continuously monitors, detects, investigates, and escalates security-relevant events across its information systems and network environments. Effective monitoring is critical to detecting unauthorized access, policy violations, and suspicious activity before such incidents escalate into security breaches or regulatory violations.

This procedure supports compliance with SOC 2 Trust Criteria CC7.1 (ongoing security monitoring) and CC7.2 (detection of anomalies), and aligns with ISO/IEC 27001 controls related to monitoring, logging, and incident detection. The ultimate objective is to reduce risk exposure, improve visibility into potential threats, and support incident response processes through reliable and timely data collection and analysis.

3. Scope

This procedure applies to all production, test, and development systems within 's infrastructure, including but not limited to endpoints, servers, cloud environments, network devices, authentication systems, and SaaS platforms that process or store sensitive data.

It also encompasses all personnel responsible for security operations, IT administration, software development, and incident response. Third-party systems integrated into ’s infrastructure are subject to this procedure under appropriate contractual obligations.

4. Policy Statement

shall implement and maintain continuous, centralized security event monitoring using a Security Information and Event Management (SIEM) system and related monitoring tools. This includes:

  1. Real-time log collection from all critical assets.

  2. Use of correlation rules and analytics to detect anomalous behavior.

  3. 24/7 alerting for defined threat indicators.

  4. Daily review of key events, including authentication failures, privilege escalations, firewall anomalies, and system changes.

  5. Retention of security logs for at least 12 months.

  6. Use of baselines and behavior analysis to detect insider threats or compromised credentials.

  7. Escalation of suspected incidents to the Incident Response Team per the Incident Response Procedure.

All personnel must report unusual system behavior or anomalies in accordance with the reporting guidelines.

5. Safeguards

Each safeguard is listed by its Control ID followed by its description:

  • SEM-01: SIEM platform ingests logs from firewalls, servers, endpoints, cloud accounts, and authentication systems.

  • SEM-02: Alerts are generated for predefined use cases such as brute-force attempts, unauthorized access, or configuration changes.

  • SEM-03: All logs are stored securely, encrypted in transit and at rest, with access limited to InfoSec personnel.

  • SEM-04: Daily review of high-fidelity alerts and critical event summaries by the Security Operations Center (SOC).

  • SEM-05: Anomaly detection algorithms and UEBA (User and Entity Behavior Analytics) are configured to detect outliers.

  • SEM-06: Logging gaps or ingestion failures are automatically reported and investigated within 4 hours.

  • SEM-07: Threat intelligence feeds are integrated to enhance detection capabilities and correlate indicators of compromise.

  • SEM-08: Monthly review of detection rules and false-positive trends to tune alert accuracy.

6. Roles and Responsibilities

  • Security Operations Center (SOC): Performs real-time monitoring, triages alerts, and notifies appropriate teams.

  • Director of Information Security: Owns the procedure and ensures alignment with risk posture and compliance goals.

  • System and Network Administrators: Ensure logging is enabled and forwarded correctly for systems under their control.

  • Application Developers: Collaborate with InfoSec to integrate logging from application layers into the SIEM.

  • Incident Response Team: Handles escalations resulting from monitoring activities and performs root cause analysis.

  • Compliance and Audit Teams: Review logs and procedures for adequacy during internal or external audits.

7. Compliance and Exceptions

All systems in scope must be connected to the central monitoring platform unless an exception is formally approved. Systems missing from the log inventory are escalated immediately.

Exceptions must be documented using the “Security Monitoring Exception Request Form,” justified with business or technical constraints, and approved by the Director of Information Security. Each exception must define alternate safeguards and be reviewed quarterly.

8. Enforcement

Any failure to adhere to the monitoring procedure may lead to disciplinary measures, especially if the failure results in undetected security breaches or operational incidents. Employees may face sanctions ranging from retraining to termination, depending on intent and impact.

Third-party vendors must comply with contractual monitoring clauses; violations may result in penalties, up to and including contract termination.

9. Related Policies/Documents

  • POL-ALL-008: Logging and Monitoring Policy

  • POL-ALL-009: Incident Response Policy

  • PRC-IT-008: Incident Detection and Response Procedure

  • PRC-ALL-008: Log Review and Retention Procedure

  • SOC 2 CC7.1 (Security Monitoring), CC7.2 (Detection of Anomalies)

  • ISO/IEC 27001:2022 Controls A.8.15 (Logging), A.8.16 (Monitoring), A.5.25–A.5.27 (Incidents)

10. Review and Maintenance

This procedure shall be reviewed annually or upon significant changes to monitoring tools, threat landscape, or audit findings. Review is owned by the Information Security team and changes are documented using the formal version control process.

Ready to experience the BlueDocs advantage

See why teams choose BlueDocs for comprehensive knowledge management, training workflows, and policy compliance tracking.