Audit controls: Logging processes and pipeline
Logging is a critical part of Apple’s information security management because it helps ensure the security of Health app data Share with Provider systems. Apple establishes standard methods and tools to collect system logs for security alerting. Apple doesn’t log any End-User Data. An event pipeline receives logs from Health app data Share with Provider systems and aggregates them into a single location that’s globally available to authorized incident response personnel. Alert rules are defined for the detection of anomalous events, such as access attempts from unfamiliar locations and excessive use of administrative privileges. Alert rules are periodically reviewed and refined as new log sources or new business use cases are added.
Provider access logging
When a Customer uses the Web Application, Apple records their access of End-User Data in a way that preserves privacy and anonymity, logging each request for data. Log records are stored for one year after a request is made. Customers may request a copy of logs if they need to investigate a security incident at their site.