Guidelines for Retention of Security Log Data

Category: Information Technology

Responsible Office: Enterprise Infrastructure Services

Responsible Executive: Vice President and Chief Information Officer (VPCIO)

Date Established: January 23, 2019

Date Updated: May 10, 2024

On this page:

Summary

The retention of security log data is specified in this guideline. The guideline supplements the Log Access and Data Retention Policy.

Back to Top

Guideline Statement

In accordance with the New York State Information Technology Standard, Security Logging, “within the consolidated log infrastructure, logs must be maintained and readily available for a minimum of 92 days.” Information Technology adheres to this standard, except:

  • GLBA log files must be retained for a minimum of 6 years.
  • HIPAA log files must be retained for a minimum of 6 years.
  • NIST log files must be retained for a minimum of 3 years.
  • PCI DSS log files must be retained for a minimum of 1 year.

Back to Top

Contact Information

Vice President and Chief Information Officer (VPCIO)
Phone: 716-645-7979
Email: cio@buffalo.edu

Information Security Office - Privacy Contact
Phone: 716-645-6997
Email: privacy@buffalo.edu

Back to Top

Related University Policies

Back to Top

Related Documents

Back to Top

Zoom image: Autosave chat sessions to 'Documents' Autosave chat sessions to 'Documents'.
Zoom image: Save chat archives to Save chat archives to.
Zoom image: Save chat sessions to Cisco Jabber Chats folder Save chat sessions to Cisco Jabber Chats folder.