Maintenance of records
Recorded Sessions from CCTVs, how long are they required to be kept for? How far back are they to be backed up for ISO 27001, ISO 22301 and PCI all respectively please?
Assign topic to the user
Neither ISO 27001 or ISO 22301 prescribe for how long Recorded Sessions from CCTVs should be kept, but they require an organization to identify applicable legal requirements (e.g., contracts, laws, regulations, etc.) that may define for how long such records must be kept. In case the legal requirements do not specify retention period the organizaton needs to define the retention time based on risk assessment results considering these data and other operational needs.
Regarding PCI DSS v.3.2, clause 9.1.1.c requires that data from video cameras and/or access control mechanisms to be stored for at least three months.
Comment as guest or Sign in
May 21, 2018