Data monitoring

You should regularly test, assess, and evaluate the effectiveness of your technical and organizational measures to comply with GDPR. These measures should include ongoing privacy assessments, threat modeling, and centralized security logging and monitoring, among others.

Product Master provides optional logging and transaction audit trail functionality. It is strongly recommended that you make use of these facilities if personal data is stored in the solution. See Enabling event logging using history manager.

Consider the following issues when leveraging the product capabilities in this area:
  • Product Master logging can be configured to your needs, but should, at a minimum, include successful and unsuccessful logon events, privileged activities, and security events.
  • A security event should be logged and investigated if a potential attempted or successful breach of access controls is detected.
  • Ensure logs contain sufficient information about the event. For example, include the type of event, when the event occurred, where the event occurred, the source of the event, the outcome (success or failure) of the event, and the identity of any user/subject/device associated with the event.
  • Retain logs on the system for at least 90 days.
  • Protect logs against unauthorized access.
  • Keep system clocks synchronized with a common reference time source to improve log accuracy.
  • Product Master uses IBM® WebSphere® Application Server (WAS), and many monitoring facilities exist within WAS. Use these to extend data monitoring to the application server level, potentially in concert with other applications, whether or not they are integrated with Product Master.
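
The event-content, minimum-coverage, and retention points in the list above can be checked against an exported log sample. The following Python check is an added example, not Product Master or IBM code; the record layout, field names, category labels, and sample records are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Assumed field names for the event details the list asks for; map them to
# whatever your log export actually emits.
REQUIRED_FIELDS = ("event_type", "timestamp", "location", "source", "outcome", "identity")
# Assumed labels for the minimum event categories named in the list.
REQUIRED_CATEGORIES = {"logon_success", "logon_failure", "privileged_activity", "security_event"}
MIN_RETENTION = timedelta(days=90)

def audit_log_gaps(records, now):
    """Return findings for a log sample; an empty list means no gaps found."""
    findings, seen, oldest = [], set(), None
    for i, rec in enumerate(records):
        missing = [f for f in REQUIRED_FIELDS if not rec.get(f)]
        if missing:
            findings.append(f"record {i}: missing {', '.join(missing)}")
        seen.add(rec.get("event_type"))
        try:
            ts = datetime.fromisoformat(rec.get("timestamp") or "")
        except (TypeError, ValueError):
            if rec.get("timestamp"):
                findings.append(f"record {i}: unparseable timestamp")
            continue
        if ts.tzinfo is None:
            # Without an offset, events from different hosts cannot be ordered.
            findings.append(f"record {i}: timestamp has no UTC offset")
            continue
        oldest = ts if oldest is None else min(oldest, ts)
    for cat in sorted(REQUIRED_CATEGORIES - seen):
        findings.append(f"no {cat} events in sample")
    if oldest is None or now - oldest < MIN_RETENTION:
        findings.append("retention of 90 days not demonstrated by sample")
    return findings

# Constructed sample records (not real Product Master output).
SAMPLE = [
    {"event_type": "logon_success", "timestamp": "2024-01-02T08:00:00+00:00",
     "location": "pm-app-01", "source": "10.0.0.5", "outcome": "success", "identity": "alice"},
    {"event_type": "logon_failure", "timestamp": "2024-03-30T09:15:00+00:00",
     "location": "pm-app-01", "source": "10.0.0.9", "outcome": "failure", "identity": ""},
    {"event_type": "privileged_activity", "timestamp": "2024-04-01T10:00:00",
     "location": "pm-app-01", "source": "10.0.0.5", "outcome": "success", "identity": "admin"},
]
NOW = datetime(2024, 4, 10, tzinfo=timezone.utc)  # constructed reference time

if __name__ == "__main__":
    for finding in audit_log_gaps(SAMPLE, NOW):
        print(finding)
```

A sample whose oldest record is newer than 90 days is reported as not demonstrating retention; confirm the actual retention setting before treating that finding as a gap.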