
Logging Controls Summary

Overview

The organization maintains comprehensive logging across all production and non-production environments. Governance-relevant activity is captured centrally in Google Cloud Audit Logs and routed to immutable, compliance-scoped storage; short-lived application troubleshooting logs are handled by a separate log management process with its own, much shorter, retention.


Centralized Logging (Google Cloud Audit Logs)

  • Scope: Captures administrative actions, API calls, configuration changes, and other governance-relevant activity across Google Cloud environments. Admin Activity and System Event audit logs are always written; Data Access audit logs (API reads and data-plane calls) are disabled by default for most services and must be enabled explicitly, per service or at the organization level, or that activity is not captured at all.
  • Retention: 1 year, in alignment with policy and industry standards (PCI DSS 4.0 Requirement 10.5.1, which requires at least 12 months of audit log history with the most recent 3 months immediately available; NIST SP 800-53 AU-11). Note that Google's built-in _Required bucket keeps Admin Activity and System Event logs for a fixed 400 days, while Data Access and Policy Denied logs land in the _Default bucket with a 30-day default; the 1-year target is therefore met by routing all Cloud Audit Logs through a sink to a user-defined log bucket whose retention is set to 365 days.
  • Controls:
    • Immutable and access-controlled storage: the retention policy on the long-term log bucket is locked, so retention cannot be shortened and the bucket cannot be deleted while it holds entries.
    • Role-based access controls (RBAC) for log access.
    • Integration with security monitoring and alerting tools for real-time anomaly detection.
    • Periodic review of logs based on information classification and associated risk.
  • Risk Response: Detected anomalies are escalated via the organization’s incident response plan.
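The "real-time anomaly detection" and "escalated via the incident response plan" controls above are only as good as the rules that run over the audit stream. The following is an added example, not code from this page or from Google: three detection rules run over newline-delimited Cloud Audit Log entries, with an escalation threshold standing in for the hand-off to the incident response plan. The sample entries are constructed to resemble Admin Activity audit log JSON (real field and method names), while the severity scale, the SENSITIVE_ROLES list and the escalation threshold are this example's own assumptions.

```python
"""Detection rules over Google Cloud Audit Log entries (added example)."""
import json
from dataclasses import dataclass

# Roles whose grant is treated as HIGH severity (assumed list, tune per org).
SENSITIVE_ROLES = {
    "roles/owner", "roles/editor", "roles/iam.securityAdmin",
    "roles/logging.admin", "roles/resourcemanager.projectIamAdmin",
}
# Cloud Logging config methods that can blind monitoring (real method names).
LOGGING_TAMPER_METHODS = {
    "google.logging.v2.ConfigServiceV2.DeleteSink",
    "google.logging.v2.ConfigServiceV2.UpdateSink",
    "google.logging.v2.ConfigServiceV2.DeleteBucket",
    "google.logging.v2.ConfigServiceV2.UpdateBucket",
    "google.logging.v2.ConfigServiceV2.CreateExclusion",
}
SEVERITY = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}  # assumed scale


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    principal: str
    detail: str


def _principal(entry: dict) -> str:
    auth = entry.get("protoPayload", {}).get("authenticationInfo", {})
    return auth.get("principalEmail", "<unknown>")


def rule_sensitive_iam_grant(entry: dict) -> list:
    """SetIamPolicy whose bindingDeltas ADD a sensitive role (REMOVE is ignored)."""
    pl = entry.get("protoPayload", {})
    if pl.get("methodName") != "SetIamPolicy":
        return []
    deltas = pl.get("serviceData", {}).get("policyDelta", {}).get("bindingDeltas", [])
    return [Finding("sensitive_iam_grant", "HIGH", _principal(entry),
                    f"{d['member']} granted {d['role']} on {pl.get('resourceName')}")
            for d in deltas if d.get("action") == "ADD" and d.get("role") in SENSITIVE_ROLES]


def rule_logging_tamper(entry: dict) -> list:
    """Changes to sinks, buckets or exclusions reduce what the SIEM can see."""
    pl = entry.get("protoPayload", {})
    if pl.get("serviceName") == "logging.googleapis.com" and pl.get("methodName") in LOGGING_TAMPER_METHODS:
        return [Finding("logging_config_tamper", "HIGH", _principal(entry),
                        f"{pl['methodName']} on {pl.get('resourceName')}")]
    return []


def rule_sa_key_created(entry: dict) -> list:
    """User-managed service account keys are long-lived, exportable credentials."""
    pl = entry.get("protoPayload", {})
    if pl.get("methodName") == "google.iam.admin.v1.CreateServiceAccountKey":
        return [Finding("service_account_key_created", "MEDIUM", _principal(entry),
                        f"key created for {pl.get('resourceName')}")]
    return []


RULES = (rule_sensitive_iam_grant, rule_logging_tamper, rule_sa_key_created)


def analyze(ndjson_text: str) -> list:
    """Run every rule over newline-delimited JSON log entries; return all findings."""
    findings = []
    for line in ndjson_text.splitlines():
        if line.strip():
            entry = json.loads(line)
            for rule in RULES:
                findings.extend(rule(entry))
    return findings


def escalate(findings: list, threshold: str = "HIGH") -> list:
    """Findings at or above the threshold are handed to the IR process."""
    return [f for f in findings if SEVERITY[f.severity] >= SEVERITY[threshold]]


def _entry(service, method, principal, resource, **extra):
    # Builds a minimal audit log entry; constructed test data, not captured logs.
    payload = {"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
               "serviceName": service, "methodName": method,
               "authenticationInfo": {"principalEmail": principal},
               "resourceName": resource, **extra}
    return {"logName": "projects/example-project/logs/cloudaudit.googleapis.com%2Factivity",
            "protoPayload": payload}


# Constructed sample batch: one benign change and three that should fire.
SAMPLE_ENTRIES = "\n".join(json.dumps(e) for e in [
    _entry("storage.googleapis.com", "storage.buckets.create",
           "deployer@example-project.iam.gserviceaccount.com", "projects/_/buckets/app-assets"),
    _entry("cloudresourcemanager.googleapis.com", "SetIamPolicy",
           "alice@example.com", "projects/example-project",
           serviceData={"policyDelta": {"bindingDeltas": [
               {"action": "ADD", "role": "roles/owner", "member": "user:mallory@example.com"},
               {"action": "REMOVE", "role": "roles/viewer", "member": "user:bob@example.com"}]}}),
    _entry("logging.googleapis.com", "google.logging.v2.ConfigServiceV2.DeleteSink",
           "alice@example.com", "projects/example-project/sinks/audit-to-siem"),
    _entry("iam.googleapis.com", "google.iam.admin.v1.CreateServiceAccountKey",
           "bob@example.com", "projects/example-project/serviceAccounts/ci@example-project.iam.gserviceaccount.com"),
])

if __name__ == "__main__":
    for f in escalate(analyze(SAMPLE_ENTRIES)):
        print(f"[{f.severity}] {f.rule}: {f.principal} -> {f.detail}")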
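```

On the constructed batch the script reports the Owner grant and the sink deletion as HIGH and hands them to escalate(); the service account key creation stays at MEDIUM for periodic review. The logging-tamper rule is the one to keep regardless of how the rest is tuned: an attacker who can delete the sink feeding the SIEM turns every other rule off.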

Application-Level Logs (Outside Google Cloud Audit Logs)

  • Scope: Certain application-level logs that do not contain regulated data (e.g., cardholder data, authentication secrets, or PCI-scoped information).
  • Retention: 1 week, supporting short-term operational troubleshooting only.
  • Controls:
    • Automatic rotation and destruction after the retention period via lifecycle management policies (a dedicated log bucket with a 7-day retention setting, rather than ad hoc deletion).
    • Restricted access via RBAC.
    • No storage of compliance-scoped or regulated data.
  • Risk Justification: Short retention reduces exposure risk while maintaining operational capability.
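Both retention tiers described above (the locked 1-year bucket under Centralized Logging and the 7-day lifecycle rule for application logs) are configuration that drifts. The following is an added example, not code from this page or from Google: a policy-as-code check that reads the JSON shape printed by `gcloud logging buckets list --format=json` and `gcloud logging sinks list --format=json` and reports any project whose buckets or audit sink no longer match the stated controls. The bucket IDs, sink name and both project configs are assumptions constructed for the example; the retention targets are the page's own.

```python
"""Policy-as-code check of Cloud Logging bucket and sink configuration (added example)."""

AUDIT_BUCKET_ID = "audit-1y"            # assumed ID of the long-retention bucket
APP_BUCKET_ID = "app-troubleshooting"   # assumed ID of the short-retention bucket
POLICY = {
    AUDIT_BUCKET_ID: {"min_days": 365, "locked": True},
    APP_BUCKET_ID: {"max_days": 7, "locked": False},
}


def bucket_id(resource_name: str) -> str:
    """projects/P/locations/L/buckets/ID -> ID."""
    return resource_name.rsplit("/", 1)[-1]


def check_buckets(buckets: list) -> list:
    """Return human-readable violations of POLICY for one project's log buckets."""
    violations, seen = [], set()
    for b in buckets:
        bid = bucket_id(b["name"])
        rule = POLICY.get(bid)
        if rule is None:            # _Required, _Default and unrelated buckets
            continue
        seen.add(bid)
        days = b.get("retentionDays", 30)   # API default when the field is absent
        if days < rule.get("min_days", 0):
            violations.append(f"{b['name']}: retentionDays {days} < {rule['min_days']}")
        if days > rule.get("max_days", 3650):
            violations.append(f"{b['name']}: retentionDays {days} > {rule['max_days']}; "
                              "troubleshooting logs must expire")
        if rule["locked"] and not b.get("locked", False):
            violations.append(f"{b['name']}: not locked, so retention can be shortened "
                              "or the bucket deleted")
    for bid in POLICY:
        if bid not in seen:
            violations.append(f"required log bucket {bid} is missing")
    return violations


def check_audit_sink(sinks: list, audit_bucket_id: str = AUDIT_BUCKET_ID) -> list:
    """Audit logs only reach the 1-year bucket if an enabled sink routes them there."""
    suffix = f"/buckets/{audit_bucket_id}"
    for s in sinks:
        routes_audit = "cloudaudit.googleapis.com" in s.get("filter", "")
        if not s.get("disabled", False) and s.get("destination", "").endswith(suffix) and routes_audit:
            return []
    return [f"no enabled sink routes cloudaudit.googleapis.com entries to {audit_bucket_id}"]


def audit_project(config: dict) -> list:
    """Combine both checks; an empty list means the project matches policy."""
    return check_buckets(config["buckets"]) + check_audit_sink(config["sinks"])


def _bucket(project, bid, days, locked=False):
    # Constructed sample resembling one element of `gcloud logging buckets list`.
    return {"name": f"projects/{project}/locations/global/buckets/{bid}",
            "retentionDays": days, "locked": locked, "lifecycleState": "ACTIVE"}


def _sink(project, bid, disabled=False):
    # Constructed sample resembling one element of `gcloud logging sinks list`.
    return {"name": "audit-to-1y", "disabled": disabled,
            "destination": f"logging.googleapis.com/projects/{project}/locations/global/buckets/{bid}",
            "filter": 'logName:"cloudaudit.googleapis.com"'}


# Constructed: matches the page's controls exactly.
COMPLIANT_PROJECT = {
    "buckets": [_bucket("prod-payments", "_Required", 400, locked=True),
                _bucket("prod-payments", "_Default", 30),
                _bucket("prod-payments", AUDIT_BUCKET_ID, 365, locked=True),
                _bucket("prod-payments", APP_BUCKET_ID, 7)],
    "sinks": [_sink("prod-payments", AUDIT_BUCKET_ID)],
}

# Constructed drift: audit bucket unlocked, app logs kept 30 days, sink disabled.
DRIFTED_PROJECT = {
    "buckets": [_bucket("dev-sandbox", "_Required", 400, locked=True),
                _bucket("dev-sandbox", "_Default", 30),
                _bucket("dev-sandbox", AUDIT_BUCKET_ID, 365),
                _bucket("dev-sandbox", APP_BUCKET_ID, 30)],
    "sinks": [_sink("dev-sandbox", AUDIT_BUCKET_ID, disabled=True)],
}

if __name__ == "__main__":
    for name, cfg in (("prod-payments", COMPLIANT_PROJECT), ("dev-sandbox", DRIFTED_PROJECT)):
        print(name, audit_project(cfg) or ["OK"])
```

The sink check matters as much as the bucket check: a 365-day locked bucket that nothing routes audit logs into satisfies the letter of the control and none of its intent, because Data Access logs keep expiring from _Default after 30 days. Run this from the periodic review step against every project, and treat a non-empty result the same way as a detection finding.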

Logging Process Alignment with Requirements

  • Administrative Activity Logging: Captured in centralized Google Cloud Audit Logs.
  • Application & Transaction-Level Logging: Security-relevant application events are written to Cloud Logging and routed to the same 1-year, locked log bucket as the Cloud Audit Logs; operational events go to the separate short-retention bucket. Cloud Audit Logs themselves are generated only by Google Cloud services, so application events reach the compliance bucket through the application's own structured logs and a sink filter, not by writing to the audit log.
  • Detail & Governance Support: Level of logging supports both business operations and governance processes.
  • Review & Response: Logs reviewed periodically based on risk and classification; anomalies addressed according to the incident response plan.

Diagram: Logging Flow

┌────────────────────────┐
│ GitOps                 │
│ (version control +     │
│  approved changes)     │
└───────────┬────────────┘
            ▼
┌────────────────────────┐
│ GCP Deployment API     │
└───────────┬────────────┘
            ▼
┌────────────────────────┐
│ Google Cloud Audit     │
│ Logs (1-year retention)│
└───────────┬────────────┘
            ▼
┌────────────────────────┐
│ Security Monitoring &  │
│ Alerts (SIEM / SOC     │
│ review process)        │
└────────────────────────┘

Separately:
Application logs (non-sensitive) → short-term log bucket → auto-delete after 1 week