Expert Advice Community

Guest

Maintenance of records

  Quote
Guest
Guest user Created:   May 21, 2018 Last commented:   May 21, 2018

Maintenance of records

We received this question:
Recorded Sessions from CCTVs, how long are they required to be kept for? How far back are they to be backed up for ISO 27001, ISO 22301 and PCI all respectively please?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal May 21, 2018

Neither ISO 27001 or ISO 22301 prescribe for how long Recorded Sessions from CCTVs should be kept, but they require an organization to identify applicable legal requirements (e.g., contracts, laws, regulations, etc.) that may define for how long such records must be kept. In case the legal requirements do not specify retention period the organizaton needs to define the retention time based on risk assessment results considering these data and other operational needs.

Regarding PCI DSS v.3.2, clause 9.1.1.c requires that data from video cameras and/or access control mechanisms to be stored for at least three months.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

May 21, 2018

May 21, 2018

Suggested Topics

Guest user Created:   Feb 28, 2018 ISO 27001 & 22301
Replies: 1
0 0

Maintenance of records

Guest user Created:   Apr 19, 2017 ISO 27001 & 22301
Replies: 1
0 0

Records maintenance

Guest user Created:   Sep 24, 2021 ISO 27001 & 22301
Replies: 1
0 0

Documentation of requirements