Are logs of user activities, exceptions, and security events classified as mandatory records?

Logs of user activities, exceptions, and security events are classified as mandatory records because they are essential for maintaining an organization's information security management system (ISMS). They play a crucial role in monitoring and evaluating the effectiveness of the ISMS, as well as ensuring compliance with various regulatory and legal requirements.

These logs provide a historical record of activities that can help organizations detect and respond to security incidents. They also support auditing processes by preserving evidence that can be examined to ensure that security policies are being followed. Moreover, they help identify trends or anomalies in user behavior, which can be important for proactive security measures. Maintaining such logs is part of good governance and risk management practices, which aligns with the core principles of ISO 27001.

While there may be specific contexts where certain logs are more critical (like during a breach investigation or for the review of security personnel), the overall requirement is for logs to be maintained as part of a comprehensive approach to security management. Therefore, the classification of these logs as mandatory records reflects their significant role in ensuring ongoing security and compliance.
