If you don't notice when your applications misbehave, a hacker could be stealing data from your system for months without you knowing. For example, a Delhi manufacturing firm discovered their ERP system was showing strange database errors. They ignored them, and later found out that a competitor had been accessing their supply chain data for six months, costing them ₹15 lakhs in lost contracts. When your applications fail silently or you don't track errors, you also can't prove to customers or regulators that you detected a breach in time, which can result in losing business or facing government fines under the Digital Personal Data Protection Act.
Find where your organisation is today. Be honest — the self-assessment is only useful if it reflects reality.
Absent
You have no system to notice or record when your applications crash or behave unusually. When errors happen, users just restart their computers or call IT, and nothing is formally tracked or investigated.
Initial
Your IT person occasionally checks if applications are working, usually only when someone complains. When errors occur, you manually restart services, but you keep no log of what happened or why.
Developing
You have basic server logs or application logs stored somewhere, and your IT person reviews them once a month or when there's a problem. You document some major errors in a spreadsheet, but there's no consistent monitoring system in place.
Defined
You have automated monitoring software that alerts your IT team when applications show errors or unusual behavior. You maintain a log of incidents and review them weekly, and your IT person investigates critical issues within a day.
Managed
You have real-time monitoring tools that track application performance, errors, and unusual patterns. Your team responds to alerts within hours, maintains detailed incident records, and uses this data to fix underlying problems before they cause bigger issues.
Optimised
You have continuous, automated monitoring with intelligent alerting that learns normal patterns and flags genuine anomalies. Your team uses this data proactively to improve security, your systems automatically escalate critical issues, and you correlate application errors with security logs to detect attack patterns.
| Step | What to Do | Who | Effort |
|---|---|---|---|
| 0 → 1 | Instruct your IT person to start keeping a written log (in a notebook or Excel file) every time an application crashes, shows errors, or behaves unusually. Include the date, time, application name, what happened, and what was done to fix it. | IT Person or System Administrator | 1 day to start, then 30 minutes daily |
| 1 → 2 | Enable basic logging on all critical applications and servers. Check your application vendor documentation or ask them how to turn on error logging. Have your IT person review these logs every Friday afternoon and document significant errors in a shared spreadsheet. | IT Person with support from application vendors | 1 week to set up, then 2 hours weekly |
| 2 → 3 | Install a free or low-cost monitoring tool (like Grafana or Prometheus) that automatically watches your servers and applications 24/7 and sends alerts via email or SMS when errors or unusual activity occur. Create a simple incident response checklist for your IT person to follow when alerts arrive. | IT Person or outsourced IT support provider | 2-4 weeks to install and configure |
| 3 → 4 | Upgrade to a commercial monitoring and alerting platform that provides better visibility into what's happening. Set up automated escalation rules so critical issues are reported to management within one hour. Create a monthly review meeting where you analyze trends in application errors and security incidents together. | IT Manager with management oversight | 1-2 months for tool evaluation, setup, and training |
| 4 → 5 | Implement advanced analytics that use machine learning to detect anomalies automatically, integrate security logs with application logs to spot attack patterns, and set up automated remediation for common issues. Conduct quarterly security reviews using this data and refine your detection rules based on findings. | IT Manager or Chief Information Security Officer | Ongoing refinement and monthly analysis |
Documents and records that prove your maturity level.
- Application error log file or log aggregation system showing errors recorded for the past 90 days with timestamps
- Incident log or register documenting unusual behaviors noticed, dates, investigation findings, and actions taken (in Excel, Google Sheets, or ticketing system)
- Monitoring tool configuration showing which applications and servers are being monitored, what alerts are set up, and alert thresholds
- Evidence of alerts sent (email/SMS records or dashboard screenshots) showing the system detected an error and notified the IT team
- Incident investigation records for at least 3 recent issues showing what the problem was, root cause, and how it was resolved
Prepare for these questions from customers or third-party reviewers.
- "Walk me through what happens when an application starts showing errors or behaving unusually. Who gets notified and how long does it take for someone to look at it?"
- "Can you show me your logs from the last three months? What's the most serious error you found, and what did you do about it?"
- "If I asked you right now whether your e-commerce application had any suspicious activity in the last week, could you tell me yes or no with confidence?"
- "Do you have any tool or system that automatically watches your applications and tells you when something is wrong, or is this done manually by someone checking?"
- "Have you ever noticed unusual behavior that turned out to be a security incident or attack? How did you discover it?"
| Purpose | Free Option | Paid Option |
|---|---|---|
| Collect and view logs from servers and applications in one place | ELK Stack (Elasticsearch, Logstash, Kibana) - open source, requires technical setup | Splunk (₹8-15 lakhs/year), New Relic (₹2-5 lakhs/year), Datadog (₹3-7 lakhs/year) |
| Monitor server and application health in real-time and send alerts | Grafana + Prometheus - open source, good for small setups | Zabbix (free open source with optional commercial support), Nagios (₹50,000-2 lakhs one-time), SolarWinds (₹3-8 lakhs/year) |
| Track IT incidents and problems from discovery to resolution | osTicket, Jira Community License (up to 10 users free) | Freshdesk (₹1.5-4 lakhs/year), Jira Service Management (₹80,000-2 lakhs/year) |
- Collecting logs but never reading them — many businesses enable logging but then no one actually reviews the logs, so errors go unnoticed for months. Set a specific day and time (e.g., every Friday at 4 PM) for your IT person to review logs, even if only for 30 minutes.
- Treating all errors the same — a minor warning that appears 100 times a day will bury real security issues in noise. Configure your monitoring to filter out routine, harmless errors and only alert on genuinely serious problems.
- No one assigned responsibility — if 'everyone' is supposed to watch for errors, then no one actually does. Clearly assign this job to one person (even if part-time) and hold them accountable in their performance review.
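
The noise-filtering advice in "Treating all errors the same" can be sketched as a small triage script. This is an added example, not part of the original guidance or of any tool named here. The log line format, the `ROUTINE` allowlist and the `warn_threshold` value are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample lines (timestamp, level, application, message); not real data.
SAMPLE_LOG = """\
2024-05-03T10:00:01 WARN erp Session cache miss for user 1041
2024-05-03T10:00:02 WARN erp Session cache miss for user 2210
2024-05-03T10:00:05 ERROR erp Database error: permission denied on table supply_orders
2024-05-03T10:00:09 WARN erp Session cache miss for user 877
2024-05-03T10:01:12 ERROR erp Database error: permission denied on table supply_orders
2024-05-03T10:02:30 WARN shop Slow response 2310 ms on /checkout
2024-05-03T10:03:00 CRITICAL shop Payment service unreachable after 3 retries
"""

# Assumption: signatures the IT person has reviewed and judged harmless.
ROUTINE = {("erp", "WARN", "Session cache miss for user <n>")}
SEVERITY = {"CRITICAL": 0, "ERROR": 1}  # levels that always raise an alert
LINE_RE = re.compile(r"^(\S+) (\w+) (\S+) (.+)$")

def signature(message):
    """Replace digit runs so repeats of one problem share a signature."""
    return re.sub(r"\d+", "<n>", message)

def triage(log_text, warn_threshold=5):
    """Split log lines into alerts (act now), review (weekly check), routine count."""
    counts, first_seen, unparsed = Counter(), {}, 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1  # never drop silently: unparseable lines are reported
            continue
        ts, level, app, msg = m.groups()
        key = (app, level, signature(msg))
        counts[key] += 1
        first_seen.setdefault(key, ts)
    alerts, review, routine = [], [], 0
    for (app, level, sig), n in counts.items():
        entry = {"app": app, "level": level, "signature": sig,
                 "count": n, "first_seen": first_seen[(app, level, sig)]}
        if (app, level, sig) in ROUTINE:
            routine += n
        elif level in SEVERITY or n >= warn_threshold:
            alerts.append(entry)
        else:
            review.append(entry)
    alerts.sort(key=lambda e: (SEVERITY.get(e["level"], 2), -e["count"]))
    return {"alerts": alerts, "review": review, "routine": routine, "unparsed": unparsed}

if __name__ == "__main__":
    for a in triage(SAMPLE_LOG)["alerts"]:
        print(a["level"], a["app"], a["signature"], "x%d" % a["count"])
```

The `review` bucket is what the fixed weekly log review would go through; only `alerts` should trigger email or SMS.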
| Standard | Relevant Section |
|---|---|
| DPDP Act 2023 | Section 8(2)(e) and Schedule 2 — requirement to maintain records of personal data processing and detect unauthorized access |
| CERT-In 2022 | Direction 4 — requirement to implement security controls including logging and monitoring of information systems |
| ISO 27001:2022 | A.8.4.1 (Event logging), A.8.4.2 (Protection of log information), A.8.4.3 (Administrator and operator logs), A.12.4.1 (Event logging) |
| NIST CSF 2.0 | Detect (DE) Function — DE.AE-2 (Anomalies and events are detected), DE.CM-1 (Monitoring and anomaly detection) |