RE: retention of documentation

[Street, Bunny]

Bob, can you point me to a specific citation in the National Industrial Security Program manual?    The reason I am asking is that I had heard the same info you stated below.  However, when I briefly looked at the NIS manual I found 2 references.    The first,  Chapter 5 5-702 Retetion of Classified Material relating to contractors and 2 years.   The second, Chapter 8-602a Audit Requirements stating retain for "at least one review cycle or as rquired by the Cognizant Security Agency".     I cannot seem to find the 6 month reference.  thanks for your help -----Original Message----- From: Bob Starling [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 12, 2002 4:37 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: retention of documentation In the Guidelines for Academic Medical Centers on Security and Privacy published by the Association for American Medical Colleges, with regard to audit controls they state:   The required retention period for audit log data may vary. In general, at least several months of data are necessary to adequately investigate instances of inappropriate access. The National Industrial Security Program, which oversees the protection of U.S. government classified information, requires at least six months of log data. This may be a reasonable and defensible goal for Academic Medical Centers as well. Also see: SEC.06 Internal Audit, SEC.09 Security Incident Procedures, PRIV.53 Complaints, and PRIV.54 Sanctions.   Bob Starling, Information Services, VP5 Cincinnati Children's Hospital Medical Center (Mail Location Code 9009) 3333 Burnet Avenue Cincinnati, OH 45229-3039 Phone: 513.636.7519 Fax: 513.636.7504 Page: 513.670.4519 (business hours only) Email: [EMAIL PROTECTED]   If you want to send a text message to my pager, please use the following email address: [EMAIL PROTECTED] >>> "Street, Bunny" <[EMAIL PROTECTED]> 3/12/02 10:21:44 AM >>> Although the security regs are in proposed status, is anyone aware of references to retention requirements for documentation; such as how long should audit information be retained?  Thanks Leslie Street Privacy Specialist Mountain States Health Alliance Johnson City, TN 36704 423-431-1661 [EMAIL PROTECTED] ********************************************************************** To be removed from this list, send a message to: [EMAIL PROTECTED] Please note that it may take up to 72 hours to process your request. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address. ********************************************************************** To be removed from this list, send a message to: [EMAIL PROTECTED] Please note that it may take up to 72 hours to process your request.