Posted: Tue Aug 12, 2003 6:40 pm Post subject: Audit - Log Retention - How Long - Legal Requirements?
Setting up policies for auditing, backing up, and storing logs.
I have read many recommendations and requirements ranging from 7
years to one year.
Don't find any legal precedence (gigalaw.com etc.) We are:
A Privately held, non-government, non-healthcare, non-financial US
Company thus not governed by HIPAA or GLBA requirements.
Also - regarding Windows event logs -
Should they be archived in native .evt format?
What does law enforcement consider acceptable evidence?
I know that if data is modified in certain ways it beomes disallowed in a
court of law.
bog - Thanks very much for your input. Space isn't an issue really. And
management is clueless on the technical side. We have no ready access
to legal counsel on the matter. That may be the next step but Mgmt has
what they consider bigger fish to fry - like keeping the company afloat on
a daily basis.
I really just need to put forth reasonable justification and research but I
really don't find much info out there save military requirements. Trying to
find a compromise between that and nothing at all. I'd also like to
compare the retention time and format that others use and their
justifications for it.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum