All IAM activities are logged for at least 1 year
Logs include: Login attempts, privilege changes, access violations
Reviewed monthly by InfoSec team, quarterly by 2nd line (Risk) and yearly by 3rd line (Internal Audit)
Evidence retained to support FCA Principle 10arrow-up-right and SMCR regime
References:
FCA Principle 10 https://www.handbook.fca.org.uk/handbook/PRIN/2/1.htmlarrow-up-right
SMCR https://www.fca.org.uk/firms/senior-managers-certification-regimearrow-up-right
Last updated 8 months ago