CyFun Basic: Detect
DE.CM-3: Personnel activity monitoring
Personnel activity is monitored to detect potential cybersecurity events
Requirement
Endpoint and network protection tools to monitor end-user behaviour for dangerous activity shall be implemented.
Our Implementation
Personnel activity monitoring is implemented through application-level logging:
- Authentication monitoring: Supabase Auth logs all login events, including timestamps, IP addresses, user agents, and authentication methods. Failed login attempts are recorded for anomaly detection.
- Application activity: User actions within the NextSDS platform are tracked through application logs, enabling audit trails of data access and modifications
- Administrative access: Cloud provider admin consoles (GitHub, Vercel, Supabase) maintain their own audit logs of administrative actions
All administrative actions are logged and visible to authorised personnel through provider audit trails. Critical alerts (data errors, uptime issues, application errors) are routed to centralised Slack channels with mobile notifications enabled for all developers, ensuring real-time awareness.
Gaps / Planned improvements:
- No automated alerting on suspicious login patterns — e.g., impossible travel, brute force (NEX-358)
- No user behaviour analytics (UBA) solution (NEX-381)
- Admin audit logs not centrally collected or reviewed (NEX-381)
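The first gap above (alerting on brute force and impossible travel) can be illustrated with a small detector run over login events. This is an added example, not NextSDS's own code: the event field names, the thresholds, and the pre-resolved `geo` coordinates (which assume a separate IP geolocation step) are assumptions and do not reflect Supabase's log schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from math import radians, sin, cos, asin, sqrt

FAIL_LIMIT = 5                    # failed logins per account inside WINDOW (assumed)
WINDOW = timedelta(minutes=10)
MAX_KMH = 900.0                   # faster than an airliner is implausible (assumed)

def km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs (haversine)."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def detect(events):
    """Return (kind, user, timestamp) alerts, processing events in time order."""
    alerts, fails, last_ok = [], defaultdict(deque), {}
    for e in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        ts = datetime.fromisoformat(e["ts"])
        if not e["ok"]:
            q = fails[e["user"]]
            q.append(ts)
            while ts - q[0] > WINDOW:      # drop failures older than the window
                q.popleft()
            if len(q) == FAIL_LIMIT:       # alert when the threshold is reached
                alerts.append(("brute_force", e["user"], e["ts"]))
            continue
        prev = last_ok.get(e["user"])
        if prev:
            # Floor the interval at one minute to avoid division by zero.
            hours = max((ts - prev[0]).total_seconds() / 3600, 1 / 60)
            if km(prev[1], e["geo"]) / hours > MAX_KMH:
                alerts.append(("impossible_travel", e["user"], e["ts"]))
        last_ok[e["user"]] = (ts, e["geo"])
    return alerts

# Constructed sample events; field names are hypothetical, not Supabase's schema.
BRU, SIN, PAR = (50.85, 4.35), (1.35, 103.82), (48.86, 2.35)
SAMPLE = [
    {"ts": "2024-05-01T08:00:00", "user": "bob", "ok": True, "geo": BRU},
    {"ts": "2024-05-01T09:00:00", "user": "bob", "ok": True, "geo": SIN},
    {"ts": "2024-05-01T08:00:00", "user": "carol", "ok": True, "geo": BRU},
    {"ts": "2024-05-01T12:00:00", "user": "carol", "ok": True, "geo": PAR},
] + [{"ts": f"2024-05-01T09:0{m}:{s}", "user": "alice", "ok": False}
     for m, s in [(0, "00"), (0, "30"), (1, "00"), (1, "30"), (2, "00")]]

if __name__ == "__main__":
    print(detect(SAMPLE))
```

IP geolocation is approximate and VPN or mobile-carrier egress can move a user's apparent location, so the speed threshold needs tuning against real traffic before it drives alerts.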
Evidence
Partially Implemented, L1 — Initial