(Drafted March 2026. Pending Governing Board Approval)
Logging & Monitoring Standard
1. Purpose
This standard defines minimum expectations for generating and reviewing logs that may be useful for detecting and investigating cybersecurity‑related events at Colearn Academy.
2. Scope
This standard applies to critical systems and services where the School has access to logging and monitoring capabilities, including but not limited to identity platforms, key cloud services, and security tools.
Operating context: Colearn Academy has no physical building and no school-owned hardware. Logging and monitoring apply to cloud and identity platforms and to any security tools the School uses; there is no on‑premises infrastructure.
3. Log Generation
3.1 Where practical, Colearn Academy will enable logging features provided by critical systems and security tools, especially for administrative actions, sign‑ins, and security‑related events.
4. Retention
4.1 Logs for critical systems should be retained for a reasonable period, subject to technical and cost constraints, to support basic investigation of incidents.
5. Review
5.1 The Information Security Lead or designee will review available security‑relevant alerts and logs on a periodic basis, focusing on higher‑risk systems and events.
5.2 Potentially suspicious activity identified through logs or alerts will be evaluated and, if necessary, escalated in accordance with the Incident Response Plan.
6. Review
This standard will be reviewed at least annually and updated as needed based on changes in systems, tooling, and risk.