SYS.2.01 - Security Monitoring Alert Criteria

Control Statement

IllumiDesk defines security monitoring alert criteria and how alert criteria will be flagged, and identifies authorized personnel for flagged system alerts.

Context

Defined security monitoring alert criteria and a documented mechanism to handle security alerts help ensure the security of customer, IllumiDesk team member, and partner data. This control can be tested by reviewing the Incident Response and Security Incident Response processes, as well as the DELKE alerting criteria and notification mechanisms.

Scope

This control applies to all systems within our production environment. The production environment includes all endpoints and cloud assets used in hosting IllumiDesk.com and its subdomains. This may include third-party systems that support the business of IllumiDesk.com.

Ownership

  • Control Owner: Security Operations

  • Process owner(s):

    • Security Operations

    • Infrastructure

Additional control information and project tracking

Non-public information relating to this security control, as well as links to the work associated with various phases of project work, can be found in the Security Monitoring Alert Criteria control issue.

Examples of evidence an auditor might request to satisfy this control:

  • Sample security monitoring alert criteria

  • Handbook documentation describing security monitoring alert criteria

  • Monitoring tool configurations or documentation showing the security alert criteria are loaded

  • Sample security monitoring alerts

  • Documentation showing security alerts are made to authorized IllumiDesk Team Members

  • A list of authorized IllumiDesk Team Members/teams to receive the alerts

Policy Reference

TBD

Framework Mapping

  • SOC2 CC

    • CC3.2

    • CC3.3

    • CC3.4

    • CC5.1

    • CC5.2

    • CC7.2
