+ Post New Thread
Results 1 to 4 of 4
School ICT Policies Thread, Retention Policy for Web Filter, Email and Data in School Administration; Are there any set guidelines for the length of time we should be retaining logs for web requests? Also how ...
  1. #1
    sjl is offline
    sjl's Avatar
    Join Date
    Apr 2009
    Thank Post
    Thanked 20 Times in 15 Posts
    Rep Power

    Retention Policy for Web Filter, Email and Data

    Are there any set guidelines for the length of time we should be retaining logs for web requests? Also how long do we have to retain archived emails for? How long should we be keeping hold of student user areas after they have left?

  2. #2

    Geoff's Avatar
    Join Date
    Jun 2005
    Fylde, Lancs, UK.
    Thank Post
    Thanked 592 Times in 513 Posts
    Blog Entries
    Rep Power
    *Dons security hat*

    If you collect the audit logs from your system for a month and during that month no incidents have occurred, you could archive the data offline and retain it for one academic year (recorded in one-month intervals). If an event happened in a subsequent period, it would be necessary to go back to check if any previous pattern existed or if this was an isolated event. In such cases the archive schedule would likely provide an acceptable and relevant data set. This should be outlined in the audit logging policy.

    If a breach of the acceptable use policy had occurred, you would need to extract all the related data surrounding that particular incident and create a case file. As you would not know at the outset whether the breach might result in a court case, you should archive this set of records for a period of not less than seven years. This is a common practice similar to email retention in regulated industries.

    Note that the seven-year retention times only apply to logging of actual events (breaches of the acceptable use policy). The regulatory policy is not intended to collect every bit of log data and retain it for extended periods.

    For long-term storage of logs, Becta suggest that after a period online (for example, 30 days for the purpose of ease of access) log files should be recorded onto 2 separate CDs or DVDs (NOT re-writeables). The aim, in the case of data being used in evidence, is to be able to say that the data was created by a secure data source, copied very quickly to a secure central server, and then put on indelible media so you can demonstrate that the data was not subsequently changed.

  3. Thanks to Geoff from:

    sjl (9th July 2009)

  4. #3
    Hollie1985's Avatar
    Join Date
    Mar 2009
    Sutton Coldfield
    Thank Post
    Thanked 24 Times in 14 Posts
    Blog Entries
    Rep Power
    questions that keep cropping up on retention policies for email/internet there are lots of products out there to help with this kind of stuff having a descent archive preferbly approved from the gartner quadrant is a good starting point not even expensive nowadays either these days they are built around school ict policies if you looking in the right places

  5. Thanks to Hollie1985 from:

    sjl (9th July 2009)

  6. #4

    Join Date
    Aug 2005
    Thank Post
    Thanked 529 Times in 452 Posts
    Blog Entries
    Rep Power
    It's not really the product that matters, it's what you do with it and no product (Gartner recommended or otherwise!) really helps make the decisions about what's appropriate for your institution.

    Can you also stop chucking in references to Gartner; it's generally seen as an indication of cr*pness; almost everything ever published by Gartner is just marketing nonsense which has little if any real value!

  7. Thanks to srochford from:

    sjl (9th July 2009)

+ Post New Thread

Similar Threads

  1. Replies: 6
    Last Post: 30th January 2009, 03:23 PM
  2. Data Retention Policies.
    By Geoff in forum School ICT Policies
    Replies: 11
    Last Post: 13th June 2007, 11:45 PM
  3. Data Retention Policies?
    By Geoff in forum School ICT Policies
    Replies: 3
    Last Post: 1st May 2007, 01:12 PM
  4. Web Filter
    By Jackd in forum Windows
    Replies: 9
    Last Post: 26th March 2007, 10:23 AM
  5. Data retention
    By Dos_Box in forum School ICT Policies
    Replies: 21
    Last Post: 27th March 2006, 09:40 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts