While the time frame for the retention of Audit Logs is unclear at this time, the bigger issue is, do you have the technical capability to monitor your logs in real-time or with some short latency period? Have you been able to define what constitutes a violation of your policy for access? Can you monitor policy violations from log data?
If you have the technical capability to reduce log data to events (activities which may violate policy) and then investigate events and boil them down to Incidents (activities which have violated policy and require some focused action to remediate the events), then you may only need to retain the Event and/or Incident data from the logs. Depending on the size of your organization log data from various applications, servers and network appliances may require 100's of gigabytes of offline storage and will in some cases require Terabytes of offline storage for log data. Storage of Events and/or Incidents may reduce your storage needs on an order of magnitude ranging from 20 to 100. Best to have a plan on how to capture, analyze, and reduce log data to reportable and actionable Incidents prior to spending lots of $$ on mass storage devices. Contact me off line if you have additional questions. William Sheffel Healthcare Practice Leader Veritect 703-851-3075 -----Original Message----- From: Street, Bunny [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 12, 2002 1:34 PM To: [EMAIL PROTECTED]; '[EMAIL PROTECTED]' Subject: RE: retention of documentation thanks to everyone for all the responses. While I am familiar with references in the Privacy regs, my state statutes, my own organizational p/p's, it appears that everyone agrees that there are no references in the security regs to documentation retention. Opinions are varied from.... likely to follow the Privacy regs....to....create your own....to follow your state, etc........ thanks again -----Original Message----- From: Street, Bunny [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 12, 2002 10:22 AM To: [EMAIL PROTECTED]; '[EMAIL PROTECTED]' Subject: RE: retention of documentation Although the security regs are in proposed status, is anyone aware of references to retention requirements for documentation; such as how long should audit information be retained? Thanks Leslie Street Privacy Specialist Mountain States Health Alliance Johnson City, TN 36704 423-431-1661 [EMAIL PROTECTED] ********************************************************************** To be removed from this list, send a message to: [EMAIL PROTECTED] Please note that it may take up to 72 hours to process your request. ********************************************************************** To be removed from this list, send a message to: [EMAIL PROTECTED] Please note that it may take up to 72 hours to process your request. ********************************************************************** To be removed from this list, send a message to: [EMAIL PROTECTED] Please note that it may take up to 72 hours to process your request.