Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, under the Information Technology Act, 2000 in India, lays out the requirements for entities handling sensitive personal data or information to implement reasonable security practices and procedures, including log monitoring.
Section 8 of the rules outlines the specific security practices and procedures that must be implemented, including:
* "The body corporate shall ensure log-on attempt monitoring."
* "The body corporate shall ensure that the logs are available for examination and audits as required under these rules."
* "The body corporate shall maintain the logs of any sensitive personal data or information accessed or modified by any employee of the body corporate for a minimum period of six months."
These provisions in the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, emphasize the importance of log monitoring for entities handling sensitive personal data or information in India. The implementation of log monitoring is an essential component of the security practices and procedures that entities must implement to protect sensitive personal data or information and to comply with the provisions of the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.