BIM.PR.24 — Logging and Monitoring

BİM.PR.24 — Logging and Monitoring Procedure

Document No: BİM.PR.24
Version: 1.0
First Published: 26.04.2026
Owner Group: Network & Security Group
Approver: Mehmet ARARAT — IT Director
Legal Basis: Law No. 5651 · KVKK Art.12 · ISO/IEC 27001:2022 A.8.15-8.16 · BİGDES
Related Documents: KYS.POL.01 P15 (Change), P33 (Incident Breach), KYS.POL.05, BİM.PR.05, BİM.PR.10, BİM.PR.18

1. Purpose and Scope

Within the framework of KYS.POL.01 P33 (Incident Breach Notification) and KYS.POL.05 (Retention), this procedure defines the standards for collecting, protecting, retaining and reviewing audit records (logs) generated by institutional systems.

2. Logged Systems

  • portal.hku.edu.tr (authentication, password changes, 2FA events)
  • Google Workspace (send/receive, session, sharing)
  • Firewall (inbound/outbound traffic summary, rule matches)
  • VPN (session start/end, user, IP)
  • Active Directory / SSO (login, failed attempts, privilege changes)
  • OBS, EBYS, OYS (application access records)
  • Web servers (HTTP access log)
  • SAP Fixed Assets + inventory (authorisation changes)
  • Databases (Sysadmin DML, audit trail)

3. Retention Period

Under the retention table in KYS.POL.05 Art.8.1, category “Operational Security — 2 years”:

  • All security logs: 2 years (compliant with Law No. 5651)
  • Logs relevant to an ongoing incident are extended until the end of legal proceedings
  • BIM Director manual mail access records (BİM.PR.18 Art.8): 5 years

4. Access

Logs are accessible only to the BIM Network & Security Group. For legal proceedings, access requires a court/prosecutor request, BIM Director approval and Legal Counsel notification. Log access requests are themselves logged (audit trail: “who, when, which log was accessed”).

5. Integrity

  • Logs are stored on a WORM (Write-Once-Read-Many) repository
  • Protected against tampering via hash chain
  • Forwarded to a centralised SIEM; anomaly detection is automated
  • Even authorised users cannot modify log server content

6. Anomaly Monitoring

  • Sudden increase in failed 2FA attempts
  • Simultaneous logins from different geographies on the same account
  • Administrator actions outside working hours
  • Privilege escalation attempt
  • Bulk data download (DLP trigger)

Anomalies automatically alert the Help Desk and Network & Security Group; accounts may be temporarily suspended if necessary.

7. User Notice

KYS.POL.03 and the Privacy Notice state “log retention 2 years”. Users may request access to their own log records under KVKK Art.11; the KVKK Commission responds within 30 days.

8. KVKK Compliance

Logs may contain personal data and are therefore subject to all KVKK principles. Upon expiry, automatic anonymisation or deletion is applied (BİM.PR.21 methods).

9. Effective Date

Effective 26.04.2026; revised in January/July.


Hasan Kalyoncu University · IT Directorate
Osmanlı Mah. Havaalanı Yolu Üzeri 8. Km 27010 Şahinbey/Gaziantep
444 6 458 · destek@hku.edu.tr · destek.hku.edu.tr · portal.hku.edu.tr
KEP: hasankalyoncu.unv@hs01.kep.tr