Hi everyone,
I'm wondering how long other organizations are keeping their PCI trace files? We have kept every single one of our trace files going back to 2011, and although they're not taking up too much room yet, I'm wondering if they can be deleted after a certain age?
Thanks!
~Katie Lachance-Duffy
Philadelphia Regional Arts Consortium
Hi Katie,
I believe requirement 10.7 relate to this, which states:
Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from back-up).
Though these trace files need to be copied onto the log server that you have setup so that all audit trails are kept together.
Thanks, Simon! That's exactly what I needed.