ISO 27001 Control 8.17: Clock Synchronization
Accurate timestamps are the backbone of reliable audit trails. ISO 27001 control 8.17 requires organizations to synchronize all system clocks to approved time sources, ensuring that security events and logs can be properly investigated and correlated. For SMBs managing multiple servers and endpoints, clock drift can undermine your entire compliance posture.
What this means
This control mandates that all information processing systems within your organization maintain synchronized time by connecting to approved time sources (typically NTP servers or atomic clocks). Synchronized clocks are critical because they allow security teams to accurately sequence events across multiple systems, reconstruct incident timelines, and generate legally defensible audit evidence. Without synchronization, log entries from different systems may have conflicting timestamps, making forensic analysis unreliable and potentially invalidating compliance records.
How to comply
- 1.Identify and designate approved time sources (NTP servers or equivalent) that your organization will use as the single source of truth
- 2.Configure all systems, servers, and network devices to synchronize with these approved sources at regular intervals
- 3.Set appropriate synchronization frequency (typically every 1-4 hours depending on system criticality and audit requirements)
- 4.Implement monitoring to detect and alert when clock synchronization fails or exceeds acceptable drift thresholds
- 5.Document your clock synchronization policy, including approved sources, drift tolerance, and remediation procedures
- 6.Test synchronization across all information processing systems to verify accuracy and consistency
- 7.Establish a change management process for updating approved time sources and synchronization settings
Evidence auditors look for
- NTP server configuration documentation with approved source addresses
- System screenshots showing synchronized time across servers and endpoints
- Monitoring logs demonstrating successful synchronization checks over audit period
- Alert records showing detection and remediation of synchronization failures
- Clock synchronization policy document with tolerance thresholds and responsibilities
- Audit trail reports with consistent timestamps correlating events across systems
- Change records for any updates to approved time sources or synchronization settings
- Third-party time sync service contracts or SLA documentation
Frequently asked questions
When will FAQs be available?
The FAQ for this control is currently being prepared.
GRCWatch automatically discovers and monitors clock synchronization status across your entire infrastructure, alerting you to drift before it impacts audit logs, and generates synchronized timestamp evidence for your ISO 27001 audits.
See how GRCWatch handles this control automatically
Start free trial