Computer Security
Incident Documentation
Reports, logs, extracts and compilations
of data regarding incidents involving
unauthorized attempted entry, probes,
and/or attacks on data processing systems,
information technology systems,
telecommunications networks, and
electronic security systems, including
associated software and hardware.
Comply with applicable provisions of
federal and state laws and regulations
including HIPAA and FERPA regarding
confidentiality of computer-related and
privacy records.
Retain by Office until
incident is resolved,
plus 5 years.
Firewall logs, system auditing logs,
reports, and review reports regarding the
maintenance and security of the computer
system. Comply with applicable
provisions of federal and state laws and
regulations including HIPAA and FERPA
regarding confidentiality of computer-
related and privacy records.
Retain review report
and supporting data for
3 years.
Data System Audit
Trails Files
Consisting of data generated during the
creation of a master file or database used
to validate a master file or database
during a processing cycle. Retained to
create a management audit trail for and to
ensure the quality of data.
Files needed for electronic data audits
such as files or reports showing
transactions accepted, rejected,
suspended, and/or processed; history
files/ tapes; records of online updates to
application files, or security logs.
Retain 5 fiscal years
after closed, terminated,
completed, expired, or
settled and all audit
requirements have been
met.