Administrative Departmental Policy
This department-specific policy applies to the operations and staff of the Information Services
Department of the University of Wisconsin Hospitals and Clinics Authority as integrated effective July 1,
Policy Title: Monitoring Systems and the Network
Policy Number: IN-POL-010
Effective Date: 5/20/2016
• Identifies and defines the processes for monitoring the computer network and server
infrastructure to protect and secure PHI and UW Health business information.
• Establishes the minimum specifications for logging events on network equipment and
servers so sufficient information exists to identify and resolve errors and potential
II. DEFINITIONS (optional)
Netflow: A protocol for logging IP information packets as they flow through a router, switch, or
other networking device, and for reporting that information to network management and
Syslog Server: A server used to collect event messages and alerts across an IP network.
III. POLICY ELEMENTS
Protected Health Information (PHI) touches many systems as it traverses the network. To keep it
secure and confidential, UW Health Information Services adheres to the following policies:
• Maintain server and network device logs that are safely stored and easily accessible for
analysis, if needed.
• Install and maintain appropriate hardware devices to monitor and secure the network.
• Monitor the network for aberrant behavior that may indicate a larger problem.
• Notify the appropriate personnel when system event problems are found.
When possible, UW Health IS systems are configured to meet the following minimum
specifications for logging events on the network and servers.
Events to log Data to record about log entry
• Startup, shutdown, or restart
• Backup and recovery operations
• Configuration changes, including
installation or changes to software or
• Event abort, failure, or abnormal end
• What activity was performed?
• Date/time stamp when the activity was
• Who or what performed the activity?
• Outcome of the activity (pass/fail)
Retention and storage Reviewing logs
• Two weeks if system performance is not
• Data are kept where only authorized
staff have access
• Automated monitoring and error
notifications are used, when possible,
to notify system administrators of
errors or problems.
• Historical logs are manually reviewed
by authorized personnel when
problems are found.
Computer systems that are technically or operationally unable to perform the minimum
requirements of event logging are exempt from this policy.
The following procedures support this policy:
Monitoring Systems and the Network Procedure
V. FORMS (optional)
VI. REFERENCES (optional)
Sr. Management Sponsor: UW Health IS CTO
Author: UW Health IS Server Manager
Reviewer(s): UW Health IS Directors
Approval Committee: UW Health CIO
UW Health CIO
Effective Date Next Review Summary of Changes Change Authors
5/20/2016 5/20/2017 Annual review/revision. C. Frank, B. Gross, E. Bakkum
7/21/2014 7/21/2015 Original release.
T. Borchert, D. Jaworski, S. Schroeder,