Appendix B: Compliance Considerations : Use Cases: Why Logs Should be Available : Retention
Daily review of logs alone may not be sufficient to detect incidents—they also must be retained for a period consistent with effective use and legal regulations. The laws for log retention range from one year to more than 20 years. Therefore, log archives should always be able for at least one year of history, scheduled to match financial calendar cycles, and with a minimum of three months available for immediate response and review in case of an incident.