Are there any set guidelines for the length of time we should be retaining logs for web requests? Also how long do we have to retain archived emails for? How long should we be keeping hold of student user areas after they have left?
*Dons security hat*
If you collect the audit logs from your system for a month and during that month no incidents have occurred, you could archive the data offline and retain it for one academic year (recorded in one-month intervals). If an event happened in a subsequent period, it would be necessary to go back to check if any previous pattern existed or if this was an isolated event. In such cases the archive schedule would likely provide an acceptable and relevant data set. This should be outlined in the audit logging policy.
If a breach of the acceptable use policy had occurred, you would need to extract all the related data surrounding that particular incident and create a case file. As you would not know at the outset whether the breach might result in a court case, you should archive this set of records for a period of not less than seven years. This is a common practice similar to email retention in regulated industries.
Note that the seven-year retention times only apply to logging of actual events (breaches of the acceptable use policy). The regulatory policy is not intended to collect every bit of log data and retain it for extended periods.
For long-term storage of logs, Becta suggest that after a period online (for example, 30 days for the purpose of ease of access) log files should be recorded onto 2 separate CDs or DVDs (NOT re-writeables). The aim, in the case of data being used in evidence, is to be able to say that the data was created by a secure data source, copied very quickly to a secure central server, and then put on indelible media so you can demonstrate that the data was not subsequently changed.
Questions that keep cropping up on retention policies for email/internet: there are lots of products out there to help with this kind of stuff. Having a decent archive, preferably approved from the Gartner quadrant, is a good starting point. Not even expensive nowadays either; these days they are built around school ICT policies if you're looking in the right places.
It's not really the product that matters, it's what you do with it and no product (Gartner recommended or otherwise!) really helps make the decisions about what's appropriate for your institution.
Can you also stop chucking in references to Gartner; it's generally seen as an indication of cr*pness; almost everything ever published by Gartner is just marketing nonsense which has little if any real value!