AUDIT-LOG-RETENTION
Policy for audit log retention duration.
Definition
Typical durations: 90 days (PCI-DSS minimum), 1 year (PCI-DSS recommendation), 6 years (HIPAA US Healthcare), 7 years (SOX US Finance), 10 years (KYC AMLD5 EU). Storage: hot tier (S3 IA), cold tier (Glacier), tamper-evident (S3 Object Lock WORM, Cloud Storage Bucket Lock).
Origin
Practice formalised in NIST SP 800-92 (Log Management).
Example in context
A bank retains SWIFT audit logs 10 years (KYC) with S3 Glacier Deep Archive.
Related terms
- Tamper-evident logs — log integrity.