Audit logs must be retained for 1 year after the date of the activity they record.
Audit logs fall under Audit Trails and System Usage Monitoring (GS 14020) on the Washington State Government General Records Retention Schedule:
Disposition Authority Number (DAN) | Description of Records | Retention and Disposition Action |
Designation |
GS 14020 Rev.1 |
Audit Trails and System Usage Monitoring Records documenting the use of the agency's information technology and communication systems to ensure security and appropriate use. Includes, but is not limited to:
Excludes records covered by Internet Browsing (DAN GS 50010). |
Retain for 1 year after date of activity then Destroy. |
NON-ARCHIVAL NON-ESSENTIAL OFM |
Audit logs can be involved in legal holds or public records requests. IT staff may be asked to pull or preserve audit logs for these purposes.
Any audit log involved in a legal hold or public records request must be retained until IT staff are formally given a hold lift notice from the Public Records Officer and/or the Attorney General Office.