Audit records are retained to provide support for investigations of information security events and to meet university record retention requirements.


  • This Control applies to all Texas A&M University information resources storing or accessing Critical or Confidential data.

  • The intended audience is information resource custodians who are responsible for the installation of new information resources, the operations of existing information resources, and individuals accountable for information resources security


  • 1

    The information resource custodian is responsible for:

    • 1.1

      Retaining audit records to provide support for after-the-fact investigations of information security incidents and to meet university record retention requirements:

      • 1.1.1

        Records include system, application, and database-level audit logs and logs for network devices.

    • 1.2

      Archiving audit records for a period of no less than 30 days online;

    • 1.3

      Maintaining audit records associated with known incidents, including those used for legal action, until the incident is closed; and

    • 1.4

      Disposal of audit records when the retention time has expired.