The Philippines Data Privacy Act (PDPA) is a privacy law that aims to protect the personal information of the public. This compliance regulation requires organizations that handle the personal data of Filipino citizens to maintain secure systems for storing and managing it. ManageEngine EventLog Analyzer, a comprehensive log management and IT compliance management solution, can help you protect the personal data your organization holds and easily meet PDPA requirements.
This PDPA compliance tool helps organizations meet PDPA requirements by detecting security threats, data breach attempts, and unauthorized or unwanted modifications to personal data. Read on to learn more about how EventLog Analyzer's features can be leveraged to meet compliance requirements easily.
The PDPA mandates the protection of personal information stored and processed by organizations. To ensure personal information security, you need to monitor the user activity in the systems where your data is stored. EventLog Analyzer helps satisfy this requirement with its continuous user session and activity monitoring. It monitors every user action, analyzing the deviations or anomalies in user behaviors to detect any compromise of personal information.
This IT compliance solution creates exhaustive user audit trails and provides precise information on user logons and logoffs, audit policy changes, accessed objects, user account changes, and successful audit log clearance. These reports will help you determine if the personal information is secured or compromised.
Monitor file integrity
Ensuring the integrity of stored personal information is a critical requirement of the PDPA. With EventLog Analyzer's file integrity monitoring feature, understand who accessed personal information, what operations were performed on it (file modifications), from where, and how. This visibility helps you ensure the integrity of the stored personal information. Additionally, you get notified when critical changes take place in sensitive files and folders.
This solution ensures total file integrity by scanning each file's attributes, ownership, permissions, and size. It also provides complete disclosure to identify the source, hostname, time, and location for all anomalous file events.
Manage database logs
Auditing database logs helps you understand attempts to access and modify the sensitive data stored in the database, which is important to satisfy the PDPA's data protection requirements. EventLog Analyzer's database and activity monitoring provides a complete audit trail to help you detect unauthorized access to confidential data.
EventLog Analyzer monitors user activity, database transactions, account management, server security, and more. You can also identify common attack patterns like injection attacks or denial-of-service attacks with a powerful correlation engine that correlates network activities.
Detect privilege abuse
The privileged users in any network have enhanced access to protected data, systems, and applications. Monitor privileged user activity and detect privilege abuse and identity theft with EventLog Analyzer's privileged user monitoring and auditing.
It allows you to generate reports for device-wise user activities and user-wise activities. You gain key insights on privileged activities like configuration changes, software installations, and sensitive data access and changes.
Automate your incident response
The PDPA expects organizations to have an incident management system in place to quickly mitigate attacks. EventLog Analyzer's incident response and management module automatically assigns incident workflows when a breach is detected.
This PDPA compliance solution supports integrations with external help desk software to assign tickets to security admins to speed up the resolution process. You also get notified when compliance gaps are identified in the network to help you prevent penalties.
Take a look at some PDPA rules and learn how EventLog Analyzer can help you comply with these requirements easily:
PDPA rule: Rule VI, Section 25
Action required: Personal information controllers and processors are mandated to implement appropriate physical, technical, and organizational security measures to protect personal data.
What EventLog Analyzer can do: User account validation; Logon reports; User access; Removable disk auditing; Terminal service session; Wireless network reports; File changes; Microsoft SQL DDL/DML changes; Microsoft SQL security changes; Oracle DDL/DML changes; Oracle security changes; MySQL general statement reports; MySQL administrative statement reports; Printer auditing reports; Network device attack reports; Network device configuration reports; Network device security reports; Symantec DLP reports
PDPA rule: Rule VII, Section 30
Action required: All personal information maintained by the government, its agencies, and instrumentalities should be secured with the use of the most appropriate standard as recognized by the information and communication industry.
Other solutions offered by EventLog Analyzer
Event log correlation
Discover sequences of logs that indicate well-known cyberattacks by correlating logs from various sources in your network.
Contextual threat intelligence
Detect attacks at the first sign of trouble with regularly updated threat feeds using our global IP threat database and advanced threat analytics.
IT compliance management
Simplify IT compliance auditing using predefined, audit-ready report templates for various regulatory mandates, including the PCI DSS, the GDPR, HIPAA, FISMA, SOX, and ISO/IEC 27001.
Log forensics
Drill down to the raw log events and carry out root cause analysis on any network breach with ease. EventLog Analyzer provides the specific details of the attack, including the entry point, time, and extent of the damage caused in the network by recreating the crime scene.
Ensure that every segment of your network complies with the PDPA. EventLog Analyzer supports over 750 log sources, ensuring complete log management. You can automate the process of collecting, monitoring, analyzing, and reporting on network logs.
Generate PDPA audit reports for your organization with EventLog Analyzer's predefined compliance templates. The solution also supports other prominent regulatory mandates, including the PCI DSS, the GDPR, HIPAA, SOX, and FISMA.
Detect anomalies in your network by identifying complex sequences of events occurring in various sources. EventLog Analyzer's powerful correlation engine holds over 30 predefined correlation rules and detects known malicious patterns by analyzing activities across the network.
Implement a reliable system to detect and prevent malicious activity in your network. The solution has an integrated incident response and management console that assigns tickets when critical security events are detected to speed up incident resolution.
Ensure that no malicious source enters your network with the advanced threat intelligence feeds. Detect malicious IP addresses, URLs, and domain interactions with the built-in global IP threat intelligence database and the STIX and TAXII feed processor.
The PDPA of 2012 (Republic Act 10173) is a law that protects the personal and privileged information of the public from being misused or mishandled. The act is designed to protect the personal information of citizens, and it also regulates how companies can collect and use personal information.
The law requires organizations that handle personal data to maintain secure systems for storing and handling it and to provide users with means by which they can access their data and correct any errors in it. The PDPA is divided into nine chapters:
General Provisions
Collection of Personal Data by Private Parties
Use of Personal Data
Security Safeguards for Personal Data
Disclosure of Personal Data
Policy Management
Non-monetary Remedies for the Violation of Rights Under This Act
Jurisdiction and Venue of Actions Under This Act
Transitory Provision
The Implementing Rules and Regulations (IRR) provision of the PDPA is a set of guidelines created to ensure that the act is being followed properly. These rules require companies that use or store the personal information of customers to:
Have an information security program in place that meets certain standards and includes incident response planning and training, data classification schemes, and database access control policies.
Have a privacy officer who ensures the company is complying with all applicable laws and regulations related to data privacy.
The PDPA must be followed by all private companies, government agencies, and other institutions based in the Philippines. It also applies to any person who processes personal data on behalf of an entity covered by this law.