Do Maytech provide audit and monitoring of access to the system and data? | Yes. Comprehensive audits logs are available and all user activity is tracked. |
How does the solution authenticate users to prevent unauthorized access? Describe the security applied to the database to prevent unauthorized access to data. | Username and strong password and 2FA. |
Within the application, and the supporting infrastructure, describe how administrator actions are logged and recorded, including details of how long these audit logs are stored for. | Where Maytech are instructed to access any data (regardless of whether it is personal data or otherwise), all such access is logged with information identifying the Maytech's personnel accessing the data and setting out the date and time of access. Access logs are maintained for 12 months and can be downloaded and stored by the Customer at that time. |
What is your review processes, manual or automated, for event and application logs generated within the solution? | Maytech’s approach to log management is controlled by ISMS OP 22 - Logging and Audit Trails Policy.
All audit entries are time-stamped with entries recorded as GMT dates and times. Clock synchronisation is uniform on all servers to ensure timestamps are consistent across all logs to avoid any time discrepancies which may cause issues for any subsequent forensic activities. All logs are reviewed periodically (minimum at least monthly) to identify any unauthorized access to the systems. Retention of audit files is for at least 12 months. |
If required, what methods and formats are available for a Customer to export a copy of data? | The account owner has access to all the data so can take a copy of all your data at any time. |