Log Management Retention Requirements

Many companies and organizations use log management as a post-incident analysis tool in the investigation of security breaches. However, major compliance regulations view event logs in a completely different way. Event log data is a must have tool to analyze who exercised what privileges and accessed confidential information, at any given point in time, to ensure continuous compliance.

Automated Event Log Management Solutions are used to facilitate the most difficult job in any compliance process. Regular review and correlation of event data through merging and archiving of events from multiple systems and separation of the most critical 1% of activities from useless 99% of noise. From the compliance perspective, event log management is: Collection (Consolidation), Archiving (Retention), Audit Reporting, and Monitoring (Alerting).

On September 20th, 2016, Digital Edge released an article on Log Management Laws and Regulations. Below is a little "Cheat Sheet" on the Event Log Retention Requirements as mandated by major compliance regulations:


Retention Requirement


7 years


1 year


7 years

ISO 27001

3 years


3 years

GPG 13

3+ months 


3 years


6 years

DoDI 8500.2

5 years


3 years

Digital Edge's new product, LogIT assists our clients uncover the value of something that already exists, but is not visible in their information technology environment's plethora of valuable information. Digital Edge ensures that our clients will get the most out of their application, system, and security logs. In addition to collecting and storing logs, LogIT will help expose the full use of logs and machine data for network protection and compliance.
If you feel that you need assistance from the Digital Edge team, please contact us through Digital Edge's website at Also, please check out Digital Edge's Log Management Assessment Tool, to assess your Log Management needs and budget the project!
Michael Petrov
Founder, Chief Executive Officer

Michael brings 30 years of experience as an information architect, optimization specialist and operations’ advisor. His experience includes extensive high-profile project expertise, such as mainframe and client server integration for Mellon Bank, extranet systems for Sumitomo Bank, architecture and processing workflow for alternative investment division of US Bank. Michael possesses advanced knowledge of security standards such as ISO 27001, NIST, SOC and PCI that brings into any solutions delivered by Digital Edge. Security solutions and standards are expended into public cloud such as AWS and Azure.

Was this article helpful?