Audit and Accountability (AU) Sample Clauses
Audit and Accountability (AU). Members must: (i) create, protect, and retain information system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate information system activity; and (ii) ensure that the actions of individual information system users can be uniquely traced to those users so they can be held accountable for their actions.
Audit and Accountability (AU). This Section 3.1(I)(iv) applies solely to Services provided within the United States. Rackspace configures all elements of the Cloud Infrastructure to feed audit information into a centralized logging platform that provides near-real-time log collection, indexing, and management separated at the Client tenant level for: (i) System Security logs, (ii) IDS logs and (iii) Firewall logs. Rackspace’s centralized logging platform allows Rackspace security engineers and analysts to use a suite of automated and manual tools to extract audit information. In the event of a security incident or suspected incident, logs assist in determining: (i) if there was an incident, (ii) who was involved in the incident, (iii) when the incident took place, (iv) what type of incident took place and (v) how the incident occurred. Logs are collected and retained online for 90 days through replication to the online log server and further preserved offline for one year. Client is responsible for retaining application and database audit records online, in order to provide support for after-the-fact investigations of security incidents and to meet their respective regulatory and organizational information retention requirements. Client may purchase additional Services to store their logs. Client retains all responsibility for configuration and management of these additional log sources.