ISO 27001 & 22301 / Retention for SIEM
I am wondering what are the log retention times for SIEM requirements for ISO 27001 implementations in various countries. Thank you for all you have done for us.
Please select user.
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
The identification of such times will depend on the results of risk assessment and applicable legal requirements (i.e., laws, regulations, and contracts), considering each country you want to cover.
As a tip, you could define an initial time retention period (e.g., 1 year) and see if this would fit your business and legal needs, and adjust it in a case by case basis.
For further information, see:
HTML tags are not allowed