Audit logs must be retained for 1 year after the date of the activity they record.

Audit logs fall under Audit Trails and System Usage Monitoring (GS 14020) on the Washington State Government General Records Retention Schedule:

Disposition Authority Number (DAN) Description of Records Retention and Disposition Action

Designation

GS 14020

Rev.1

Audit Trails and System Usage Monitoring

Records documenting the use of the agency's information technology and communication systems to ensure security and appropriate use.

Includes, but is not limited to:

  • Audit trails;
  • Authorization for and modifications to the configurations and settings of the agency's IT infrastructure (such as firewalls, routers, ports, network servers, etc.);
  • Log-in records, security logs, and system usage files;
  • Internet activity logs (sites visited, downloads/uploads, video/audio streaming, etc.);
  • Fax and telephone logs.

Excludes records covered by Internet Browsing (DAN GS 50010).

Retain for 1 year after date of activity

then

Destroy.

NON-ARCHIVAL

NON-ESSENTIAL

OFM

 

Audit logs can be involved in legal holds or public records requests.  IT staff may be asked to pull or preserve audit logs for these purposes.

Any audit log involved in a legal hold or public records request must be retained until IT staff are formally given a hold lift notice from the Public Records Officer and/or the Attorney General Office.