Description of how we monitor, detect and record malicious activity.

Data Protection Policy

Description of how we monitor, detect and record malicious activity.

 

We collect logs to capture events related to the security of our applications and systems, including event success or failure, date and time, access attempts, data changes and system errors We have implemented a logging mechanism on all service APIs that provide access to information. All logs have access controls to prevent any unauthorised access and tampering during their lifecycle. The logs do not contain PII and are retained for 90 days for reference in the event of a security incident.

We have adopted mechanisms to monitor the logs and all system activity to trigger investigative alerts on suspicious actions multiple unauthorised calls, unexpected request rate and volume of data recovery, and access to canonical data records. We implemented monitoring alerts to detect if information is being extracted from our protected boundaries. We are able to perform investigations when monitoring alerts are triggered.

We collect logs to capture events related to the security of our applications and systems, including event success or failure, date and time, access attempts, data changes and system errors. All logs have access controls to prevent any unauthorised access and tampering during their lifecycle. The logs do not contain PII and are retained for 90 days for reference in case of security incidents. We are able to perform investigations when monitoring alerts are triggered.