Log Retention Schedule
2025.1
Overview
This document defines the retention periods for all types of logs, audit trails, and security records maintained by Niche Studio. Retention periods are established based on business requirements, regulatory compliance obligations, and operational needs.
Log Categories and Retention Periods
Security and Audit Logs
| Log Type | Local Storage | Warm Storage (Wasabi) | Cold Storage | Total Retention | Compliance Driver |
|---|---|---|---|---|---|
| Authentication Logs | 30 days | 1 year | 2 years | 3 years | SOC 2, ISO 27001 |
| Authorization Logs | 30 days | 1 year | 2 years | 3 years | SOC 2, ISO 27001 |
| System Access Logs | 30 days | 1 year | 2 years | 3 years | SOC 2, ISO 27001 |
| Administrative Actions | 30 days | 1 year | 2 years | 3 years | SOC 2, ISO 27001 |
| Security Events | 30 days | 1 year | 2 years | 3 years | SOC 2, ISO 27001 |
| Firewall Logs | 30 days | 1 year | 2 years | 3 years | SOC 2, ISO 27001 |
| VPN Connection Logs | 30 days | 1 year | 2 years | 3 years | SOC 2, ISO 27001 |
| Database Access Logs | 30 days | 1 year | 2 years | 3 years | SOC 2, ISO 27001 |
| API Access Logs | 30 days | 1 year | 2 years | 3 years | SOC 2, ISO 27001 |
| Web Application Logs | 30 days | 1 year | 2 years | 3 years | SOC 2, ISO 27001 |
Compliance and Regulatory Logs
| Log Type | Local Storage | Warm Storage (Wasabi) | Cold Storage | Total Retention | Compliance Driver |
|---|---|---|---|---|---|
| HIPAA Audit Logs | 30 days | 1 year | 5 years | 6 years | HIPAA |
| PCI DSS Logs | 30 days | 1 year | 1 year | 2 years | PCI DSS |
| GDPR Processing Logs | 30 days | 1 year | 2 years | 3 years | GDPR |
| Australian Privacy Act Logs | 30 days | 1 year | 6 years | 7 years | Privacy Act 1988 |
| Financial Transaction Logs | 30 days | 1 year | 6 years | 7 years | ATO Requirements |
Infrastructure and Application Logs
| Log Type | Local Storage | Warm Storage (Wasabi) | Cold Storage | Total Retention | Compliance Driver |
|---|---|---|---|---|---|
| System Performance Logs | 30 days | 3 months | 6 months | 1 year | Operational |
| Application Error Logs | 30 days | 6 months | 1 year | 1.5 years | Operational |
| Network Traffic Logs | 30 days | 1 year | 2 years | 3 years | SOC 2, ISO 27001 |
| Backup Logs | 30 days | 1 year | 2 years | 3 years | Operational |
| Deployment Logs | 30 days | 6 months | 1 year | 1.5 years | Operational |
| Monitoring and Alerting Logs | 30 days | 6 months | 1 year | 1.5 years | Operational |
Physical Security Logs
| Log Type | Local Storage | Warm Storage (Wasabi) | Cold Storage | Total Retention | Compliance Driver |
|---|---|---|---|---|---|
| Access Control Logs | 30 days | 3 months | 6 months | 1 year | SOC 2, ISO 27001 |
| Security Camera Footage | 30 days | 3 months | 6 months | 1 year | SOC 2, ISO 27001 |
| Visitor Logs | 30 days | 3 months | 6 months | 1 year | SOC 2, ISO 27001 |
| Key Management Logs | 30 days | 1 year | 2 years | 3 years | SOC 2, ISO 27001 |
Business and Administrative Logs
| Log Type | Local Storage | Warm Storage (Wasabi) | Cold Storage | Total Retention | Compliance Driver |
|---|---|---|---|---|---|
| Email Logs | 30 days | 1 year | 2 years | 3 years | SOC 2, ISO 27001 |
| File Access Logs | 30 days | 1 year | 2 years | 3 years | SOC 2, ISO 27001 |
| Print Logs | 30 days | 6 months | 1 year | 1.5 years | Operational |
| User Activity Logs | 30 days | 1 year | 2 years | 3 years | SOC 2, ISO 27001 |
Storage Locations
Local Storage (30 days)
- Primary log servers
- Application servers
- Security appliances
- Network devices
Warm Storage - Wasabi (1-3 years)
- Encrypted log files
- Compressed and indexed
- Searchable and accessible
- Cost-optimized for frequent access
Wasabi Object Storage with Object Lock (1–7 years)
- Long-term archival with immutability controls
- Compressed and encrypted
- Rarely accessed
- Cost-optimized for long-term storage
- Immutable retention policies enforced through Object Lock
Log Processing and Archival
Automated Processes
- Daily: Logs are collected from all systems
- Weekly: Logs are compressed and encrypted
- Monthly: Logs are moved from local to warm storage
- Annually: Logs are moved from warm to cold storage
- End of Retention: Logs are securely deleted
Manual Processes
- Incident Response: Logs may be retained longer during investigations
- Legal Hold: Logs may be preserved beyond normal retention periods
- Compliance Audits: Logs may be retained longer during audit periods
Compliance Requirements
SOC 2 Type II
- Minimum 1 year retention for security logs
- Audit trail integrity requirements
- Immutable log storage
ISO 27001
- Minimum 1 year retention for security logs
- Risk management requirements
- Continuous monitoring
HIPAA
- Minimum 6 years for audit logs
- Business Associate Agreement requirements
- Breach notification timelines
PCI DSS
- Minimum 1 year for payment card logs
- Quarterly security assessments
- Incident response requirements
GDPR
- Minimum 1 year for processing logs
- Data subject rights requirements
- Privacy impact assessments
Australian Privacy Act 1988
- Minimum 7 years for privacy-related logs
- Notifiable Data Breaches scheme
- Privacy impact assessments
Log Integrity and Security
Encryption
- All logs encrypted in transit (TLS 1.2+)
- All logs encrypted at rest (AES-256)
- Separate encryption keys for each log type
Access Controls
- Role-based access to log systems
- Multi-factor authentication required
- Audit trail for all log access
Integrity Protection
- Digital signatures for log files
- Immutable storage for critical logs
- Regular integrity verification
Monitoring and Alerting
Retention Monitoring
- Automated alerts for retention policy violations
- Regular reports on log storage usage
- Cost monitoring for storage tiers
Compliance Monitoring
- Regular audits of retention compliance
- Quarterly reviews of retention policies
- Annual updates to retention schedule
Exceptions and Special Cases
Incident Response
- Logs related to security incidents may be retained longer
- Legal hold may extend retention periods
- Investigation requirements may override normal retention
Regulatory Changes
- Retention periods may be updated based on new regulations
- Compliance requirements may change
- Business requirements may evolve
Storage Limitations
- Emergency purging may be required for storage capacity
- Cost optimisation may require earlier deletion
- Technical limitations may affect retention periods
Review and Updates
Annual Review
- Review all retention periods for compliance
- Update based on regulatory changes
- Assess business requirements
Quarterly Monitoring
- Monitor storage usage and costs
- Review compliance with retention policies
- Update automated processes as needed
Ad Hoc Updates
- Immediate updates for regulatory changes
- Emergency updates for security incidents
- Business-driven updates for operational needs
Contact Information
For questions about log retention policies or procedures:
- Security Team: security@
- Compliance Team: compliance@
- IT Operations: it@
- Legal Questions: legal@
Document Control
- Last Updated: 2025.1
- Next Review: Annual
- Approved By: Security Officer
- Version: 1.0