sign-in-canada / Acceptance-Platform

Source code and configuration for the Sign in Canada Acceptance Platform
MIT License

What logs need to be retained for more than 2 years #107

Open MAH005 opened 1 year ago

MAH005 commented 1 year ago

Zeina Matta:

For information and awareness, please note the following retention and disposal standards related to SIC:

Bank Number: SSC PCU 607 - External Credential Management Services
Retention and Disposal Standards: On October 16, 2012, Library and Archives Canada approved the amended Records Disposal Authority (RDA) No. 2010/005-1 for records related to government telecommunications and informatics functions, which covers all cyber-authentication files. Most records are retained for a minimum of two (2) years after the last use of the credential. PAIs and MBUNs will be retained, without being linked to an individual, for one (1) year past the sun-setting of the program to avoid duplication.

Bank Number: PSU 905 - Electronic Network Monitoring Logs
Retention and Disposal Standards: For information about the length of time that specific types of common administrative records are maintained by a government institution, including the final disposition of those records, please contact the institution’s Access to Information and Privacy Coordinator.

Bank Number: PSU 939 - Security Incidents and Privacy Breaches
Retention and Disposal Standards: For information about the length of time that specific types of common administrative records are maintained by a government institution, including the final disposition of those records, please contact the institution’s Access to Information and Privacy Coordinator.

For a listing of identified Personal Information elements currently part of SIC, see SECTION III - ANALYSIS OF PERSONAL INFORMATION ELEMENTS of the PIA. Please note that we will have additional data elements to consider with the new releases.

MAH005 commented 1 year ago

Wissam Moussa:

The Sources of Government and Employee Information, ITSG-33 AU-11 and Event Logging Guidance - the general consensus is a retention period of 2 years of last administrative use with business value in IT or security processes.

We do not need to archive any log or event older than 2 years.

MAH005 commented 1 year ago

This is related to https://dev.azure.com/tbs-sct/Sign%20in%20Canada/_workitems/edit/10022