Surely one can still have a retention rule that applies to audit trails? Is a retention rule not a description of how long a record will be held?
Regards
Suzy
Suzy Taylor
Records Manager
New College Durham
Framwellgate Moor
Durham
DH1 5ES
Tel: 0191 375 4422
E-mail: [log in to unmask]
"SAVE THE PLANET - PLEASE DO NOT PRINT THIS EMAIL UNLESS STRICTLY NECESSARY"
>>> Marc Fresko <[log in to unmask]> 27/11/2009 21:48 >>>
David,
No. Well, not unless you are being humorous.
In case you are being serious: of course an audit trail is some sort of a
record. But that does not mean that you can treat it with all the
disciplines of "records management" such as its own retention rules. For if
you do apply those disciplines, an audit trail ends up with an audit trail
of its own - which in turn...
Have a nice weekend.
Marc
-----Original Message-----
From: The UK Records Management mailing list
[mailto:[log in to unmask]] On Behalf Of David T. Macknet
Sent: 27 November 2009 19:30
To: [log in to unmask]
Subject: Re: retention of audit trails
Is an audit trail a record in and of itself? If so, it has a retention
period. If not, it gets deleted. Decide and you have the answer.
-David
-----Original Message-----
From: The UK Records Management mailing list
[mailto:[log in to unmask]]On Behalf Of
[log in to unmask]
Sent: Friday, November 27, 2009 7:11 PM
To: [log in to unmask]
Subject: Re: retention of audit trails
I agree with Marc but how about making a copy of the audit trail of all
records deleted in a particular year and keeping such an audit trail for 12
years?. The question to be answered is aftr how long a time period will
people expect to be able to check a record was deleted?
Keith Batchelor
Original Message:
-----------------
From: Marc Fresko [log in to unmask]
Date: Tue, 24 Nov 2009 18:25:43 -0000
To: [log in to unmask]
Subject: Re: retention of audit trails
Please forgive the tardy response but:
In the context of implementing an EDRM system, I'm not sure how you would
implement retention periods that are different for records and for their
audit trails. In fact, if your system allows you to delete audit trail
data, you'd have to consider what integrity it has. I'm not saying it
cannot be done, but I am saying that if you do it you would have to be very
cautious.
By way of illustration, the PRO 2002 specification requirements A.6.5 &
A.6.8 specifically prevent deletion of audit trail information if the
records are still held, and I can see no exception. But the MoReq2
specification requirement 4.2.7 does allow deletion, provided there is some
control such as a certificate that the relevant audit trail had been
scrutinised prior to deletion.
Marc Fresko
-----Original Message-----
From: The UK Records Management mailing list
[mailto:[log in to unmask]] On Behalf Of Caroline Ives
Sent: 20 November 2009 12:29
To: [log in to unmask]
Subject: retention of audit trails
We are currently in the process of implementing a corporate EDRMS and as
part of the set up we have been looking at defining audit trail events,
(essentially capturing any action on the document) and determining how long
these should be retained for.
My initial thought was that this should be kept for the lifetime of the
content
itself, (therefore in line with the retention period for the content).
With each piece of content being subject to many actions, (therefore a new
event audited for each action) and potential retention periods of
permanent/upto 100 years for some content, -I've become very conscious of
how we can try to minimise the amount of audit trail information as it will
become extremely burdensome in terms of storage.
I've since revised this to be for the lifetime of final records only, (as
opposed
to audit trails for document and other content which can be deleted on a
frequent and regular basis - e.g. 2 years).
I just wondered what the general consensus was with regards to practical
retention of audit trail data;is there a way of balancing the need to
minimise
storage of audit trail information with the need to be compliant e.g. with
requirements and standards such as the Legal Admissibility Code of Practice
etc.
Many thanks
Caroline
I'd be grateful to know how other colleagues with corporate wide
implementations of EDRM's have enabled their auditing, (has it been done on
a
blanket wide basis or are there different audit reqs for different
content/depts,
etc.
For any technical queries re JISC please email [log in to unmask]
For any content based queries, please email
[log in to unmask]
For any technical queries re JISC please email [log in to unmask]
For any content based queries, please email
[log in to unmask]
--------------------------------------------------------------------
mail2web LIVE - Free email based on MicrosoftR Exchange technology -
http://link.mail2web.com/LIVE
For any technical queries re JISC please email [log in to unmask]
For any content based queries, please email
[log in to unmask]
For any technical queries re JISC please email [log in to unmask]
For any content based queries, please email
[log in to unmask]
For any technical queries re JISC please email [log in to unmask]
For any content based queries, please email [log in to unmask]
For any technical queries re JISC please email [log in to unmask]
For any content based queries, please email [log in to unmask]
|