We're currently getting ready for an audit, and one of the requests is to provide proof that monitoring is indeed happening in our systems. We have logs and alerts in place, along with on-call rotations, but the way these were set up doesn't really consider the need for clear evidence for an audit. What kinds of evidence do auditors typically accept to verify that monitoring is effectively implemented?
1 Answer
From my experience, the first audit tends to establish baseline controls, but it's the renewal audits that really test consistency. Auditors dig deeper with each round as they expect your monitoring game to mature. They often find gaps in how evidence is collected throughout the year versus just before the audit. It's crucial to have documentation to avoid these pitfalls.

Totally get that! We started documenting our ongoing processes and saving those repetitive artifacts. Over time, we pulled everything together in one place to simplify things during audits. Using Delve with our monitoring stack helped a lot!