ediverse Explore the platform

Spotlight PEPPOL BIS Billing 3.0 The EU e-invoicing mandate is here — France Sept 2026, Belgium Jan 2026, Germany 2025.

AUDIT-LOG-RETENTION

Policy for audit log retention duration.

Definition

Typical durations: 90 days (PCI-DSS minimum), 1 year (PCI-DSS recommendation), 6 years (HIPAA US Healthcare), 7 years (SOX US Finance), 10 years (KYC AMLD5 EU). Storage: hot tier (S3 IA), cold tier (Glacier), tamper-evident (S3 Object Lock WORM, Cloud Storage Bucket Lock).

Origin

Practice formalised in NIST SP 800-92 (Log Management).

Example in context

A bank retains SWIFT audit logs 10 years (KYC) with S3 Glacier Deep Archive.

Last updated: May 15, 2026