The Philippines Data Privacy Act (PDPA) is a privacy regulation law that aims to protect the personal information of the public. This compliance requires organizations that handle personal data of Filipino citizens to maintain secure systems for storing and managing it. ManageEngine EventLog Analyzer, a comprehensive log management and IT compliance management solution, can help you protect the personal data your organization holds and easily meet PDPA requirements.
This PDPA compliance tool helps organizations meet PDPA requirements by detecting security threats, data breach attempts, and unauthorized or unwanted modifications to personal data. Read on to learn more about how EventLog Analyzer's features can be leveraged to meet compliance requirements easily.
Become PDPA compliant with EventLog Analyzer
Audit user sessions
PDPA mandates the protection of personal information stored and processed by the organization. To ensure personal information security, you need to monitor the user activity in the system where your data is stored. EventLog Analyzer helps satisfy this requirement with its continuous user session and activity monitoring. It monitors every user action, analyzes the deviations or anomalies in user behaviors to detect compromise of personal information.
This IT compliance solution conducts exhaustive user audit trails and provides precise information on user logons and logoffs, audit policy changes, accessed objects, user account changes, and successful audit log clearance. These reports will help you determine if the personal information is secured or compromised.
Monitor file integrity
Ensuring the integrity of the stored personal information is a critical requirement of PDPA. With EventLog Analyzer's file integrity monitoring feature, understand who accesses personal information, what operations are being done (file modification) on the personal information, from where, and how. This visibility helps you ensure the integrity of the personal information stored. Additionally, you can also get notified when critical changes take place in sensitive files and folders.
This solution ensures total file integrity by scanning attributes, ownership, permissions, and size. It also provides complete disclosure to identify the source, host name, time, and location for all anomalous file events.
Manage database logs
Auditing database logs will help you understand the accesses and modifications made to the sensitive data stored in the database, which is important to satisfy the PDPA's data protection requirements. EventLog Analyzer's database and activity monitoring provides a complete audit trail to help you detect unauthorized access to confidential data.
EventLog Analyzer monitors user activity, database transactions, account management, server security, and more. You will also be able to identify common attack patterns like injection attacks or denial of service with a powerful correlation engine that can help you correlate network activities.
Detect privileged user abuse
The privileged users in any network have enhanced access to protected data, systems, and applications. Monitor privileged user activity and detect privilege abuse and identity theft with EventLog Analyzer's privileged user monitoring and auditing.
It allows you to generate reports for device-wise user activities and user-wise activities. You will gain key insights on privileges activities like configuration changes, software installations, sensitive data accesses and changes, and more.
Automate your incident response
PDPA expects organizations to have an incident management system in place to quickly mitigate attacks. EventLog Anayzer's incident response and management module automatically assigns incident workflows when a breach is detected.
This PDPA compliance solution supports integration with external help desk software to assign tickets to security admins to speed up the resolution process. You will also be notified when compliance gaps are identified in the network to prevent penalty.
Take a look at some PDPA rules and learn how EventLog Analyzer can help you comply with these requirements easily:
PDPA rules
Actions required
What EventLog Analyzer can do
RULE VI Section 25
Personal information controllers and processors are mandated to implement appropriate physical, technical, and organizational security measures to protect personal data.
User account validation
Logon reports
User access
Removable disk auditing
Terminal service session
Wireless network reports
File changes
Microsoft SQL DDL/DML changes
Microsoft SQL security changes
Oracle DDL/DML changes
Oracle security changes
MySQL general statement reports
MySQL administrative statement reports
Printer auditing reports
Network device attack reports
Network device configuration reports
Network device security reports
Symantec DLP reports
RULE VII Section 30
All personal information maintained by government, agencies, and instrumentalists should be secure with the use of the most appropriate standard as recognized by the information and communication industry.
EventLog Analyzer also offers these other features
Event log correlation
Discover sequences of logs that indicate well-known cyberattacks by correlating various sources of your network.
Simplify IT compliance auditing using predefined audit-ready report templates for various regulatory mandates, including the PCI DSS, the GDPR, HIPAA, FISMA, SOX, and ISO 27001.
Drill down to the raw log events and carry out root cause analysis on any network breach with ease. EventLog Analyzer provides specific details of the attack, including entry point, time, and extent of the damage caused in the network by recreating the crime scene.
5 reasons to choose EventLog Analyzer as you PDPA compliance solution
Comprehensive log management
NERC emphasizes the importance of monitoring firewall and activities. EventLog Analyzer provides out- of- the- box support for prominent firewall vendors like Barracuda, Sonicwall, pfSense, Palo Alto Networks, and Fortinet. Additionally, the solution supports over 750 other log sources for complete network log management.
Audit all the BES cyber assets in your network and obtain a detailed overview on what's happening in the network in the form of intuitive dashboards. The solution also comes with compliance-ready reports for prominent regulatory mandates, including NERC.
NERC mandates that organizations detect network anomalies and trace security threats. EventLog Analyzer's powerful correlation engine holds over 30 predefined correlation rules, and detects known malicious patterns by analyzing activities across the network.
Implement a reliable system to detect and prevent malicious activity in your network. The solution has an integrated incident response and management console that assigns tickets when critical security events are detected to speed up incident resolution.
Ensure that no malicious source enters your network with the advanced threat intelligence feed. Detect malicious IP addresses, URLs, and domain interactions with the built-in global IP threat intelligence database and STIX/TAXII feed processor.
The Philippines Data Privacy Act of 2012 (Republic Act 10173) is a law that protects the personal and privileged information of the public from being misused or mishandled. The act was designed to protect the personal information of citizens, and it also regulates how companies can collect and use personal information.
The law requires organizations that handle personal data to maintain secure systems for storing and handling it and provide users with means by which they can access their data and correct any errors in it. It is divided into nine sections:
General Provisions
Collection of Personal Data by Private Parties
Use of Personal Data
Security Safeguards for Personal Data
Disclosure of Personal Data
Policy management
Non-Monetary Remedies for Violation of Rights under this Act
Jurisdiction and Venue of Actions under this Act
Transitory Provision
What is the IRR?
The Implementing Rules and Regulations (IRR) of the PDPA are a set of guidelines created to ensure that the act is being followed properly.
These rules require companies that use or store personal information of custers to:
Have an information security program in place that meets certain standards, which includes but is not limited to incident response planning and training, data classification schemes, and database access control policies.
Have a privacy officer who ensures the company is complying with all applicable laws and regulations related to data privacy.
Who must comply with the PDPA?
The PDPA must be followed by all private companies, government agencies, and other institutions based in the Philippines. It also applies to any person who processes personal data on behalf of an entity covered by this law.
Manage logs effectively and stay compliant.
EventLog Analyzer helps you meet various regulatory mandates by auditing. managing, and analyzing logs.
Credit Union of Denver has been using EventLog Analyzer for more than four years for our internal user activity monitoring. EventLog Analyzer provides great value as a network forensic tool and for regulatory due diligence. This product can rapidly be scaled to meet our dynamic business needs.
Benjamin Shumaker
Vice President of IT / ISO
Credit Union of Denver
The best thing, I like about the application, is the well structured GUI and the automated reports. This is a great help for network engineers to monitor all the devices in a single dashboard. The canned reports are a clever piece of work.
Joseph Graziano, MCSE CCA VCP
Senior Network Engineer
Citadel
EventLog Analyzer has been a good event log reporting and alerting solution for our information technology needs. It minimizes the amount of time we spent on filtering through event logs and provides almost near real-time notification of administratively defined alerts.
Joseph E. Veretto
Operations Review Specialist Office of Information System
Florida Department of Transportation
Windows Event logs and device Syslogs are a real time synopsis of what is happening on a computer or network. EventLog Analyzer is an economical, functional and easy-to-utilize tool that allows me to know what is going on in the network by pushing alerts and reports, both in real time and scheduled. It is a premium software Intrusion Detection System application.
Free Edition
