Trust Center

Logging and Monitoring

Last Updated: April 17, 2025 2:38 pm MDT

Zayo implements logging and monitoring controls on its internal environment. Customers must implement their own security controls to protect their own environments.

Is security and system log data retained and monitored?

Zayo collects logs focused on security related activities and source owner audit purposes. Logs are retained for 365 days and are under continuous review. Alerts are automated as logs are tested against system rules, and actionable events are addressed by the Security Operations Center (SOC).

What does Zayo’s logging process include?

  • Logs are synchronized to multiple sources
  • Logs are fed to a central security information and event management system (SIEM)
  • Logs are reviewed regularly for abnormal events
  • SIEM captures source (firewall, IPS, VPN, etc.)
  • SIEM captures category (user activity, proxy, etc.)
  • SIEM captures information type (IP, name, etc.)
  • SIEM outputs are reviewed at least every 24 hours by a member of the IT or Security team
  • Security monitoring is conducted 24/7 by an internal or third-party SOC Service

Which administrator activities are logged and monitored?

  • Log source (firewall, IPS, VPN, etc.)
  • Log category (User Activity, proxy, etc.)
  • Information type (IP, name, etc.)
  • Use case (authentication, suspicious inbound activity, malicious web site)
  • Administrator logging covers AD, network devices, VPN
  • Modifications to administrator groups, including adds, modifies, removes, unsuccessful logins

How is usage and capacity of critical assets monitored?

Effective monitoring of asset usage and capacity ensures optimal system performance, minimizes downtime, and supports proactive resource management. This involves implementing key controls to track and manage system health and efficiency:

  • Outbound Traffic Monitoring
  • Storage Capacity Alerts
  • Error and Fault Reporting
  • Performance Benchmarking

What other types of monitoring programs does Zayo implement?

Zayo’s monitoring programs also include:

  • Controls
  • Risk
  • Security and threat intelligence
  • Compliance
  • Threat and file integrity
  • Changes in Organizational structure