Get 4 FREE months of Conformio to implement ISO 27001

Expert Advice Community

Guest

Statement for logs retention periods regarding critical assets

  Quote
Guest
Guest user Created:   Jan 24, 2023 Last commented:   Jan 24, 2023

Statement for logs retention periods regarding critical assets

Hi! I would like to know whether in ISO 27001 from 2022 there is a statement for logs retention periods regarding critical assets? I would like to know what are the minimum requirements (meaning minimum time periods) for keeping logs containing critical data.

0 0

Assign topic to the user

ISO 27001 RISK ASSESSMENT TABLE

Implement risk register using catalogues of vulnerabilities and threats.

ISO 27001 RISK ASSESSMENT TABLE

Implement risk register using catalogues of vulnerabilities and threats.

Expert
Rhand Leal Jan 24, 2023

ISO 27001 does not prescribe retention periods for logs.

To define proper retention periods, you need to perform a risk assessment and identify applicable legal requirements.

In case your risk assessment and requirements do not provide a proper reference, you can try starting with a retention time of one year.

For further information, see:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 24, 2023

Jan 24, 2023