Guidelines for Retention of Security Log Data

Category: Information Technology

Responsible Office: Enterprise Infrastructure Services

Responsible Executive: Vice President and Chief Information Officer (VPCIO)

Date Established: January 23, 2019

On this page:


The retention of security log data is specified in this guideline. The guideline supplements the Log Access and Data Retention Policy.

Guideline Statement

In accordance with the New York State Information Technology Standard, Security Logging, “within the consolidated log infrastructure, logs must be maintained and readily available for a minimum of 92 days.” Information Technology adheres to this standard, except as shown below:

  • HIPAA Log Files: Minimum retention 6 years

Contact Information

Office of the Vice President and Chief Information Officer (VPCIO)
517 Capen Hall
Buffalo, NY 14260

Phone: 716-645-7979

Related University Policies

Related Documents