Xcavate Audit Trail Retention Matrix

Version: 1.0
Owner: Security Governance Team
Review Frequency: Annually
Classification: Internal – Confidential

| Audit Log Type | Source System(s) | Data Captured | Retention Period | Storage Location | Review Frequency | Responsible Role | Justification / Notes |
|---|---|---|---|---|---|---|---|
| User Login/Logout Activity | Active Directory, Okta | Username, timestamp, device, location | 6 years | Central SIEM (Azure Sentinel) | Monthly | IAM Administrator | FCA accountability and fraud investigation requirements |
| Privileged User Activity | PAM, AD, CloudTrail | Commands issued, config changes, access scope | 6 years | Encrypted Archive Store | Weekly | Security Analyst | NIST AU-3, AU-6; high sensitivity risk |
| Financial Transactions Access Logs | ERP, Banking Apps | Transaction IDs, changes, values, approvals | 7 years | Encrypted Vault (GRC) | Quarterly | Finance & Compliance Officer | FCA requirement for financial record traceability |
| Security Events (Incidents/Alerts) | SIEM, EDR, Firewall Logs | IPs, user ID, device IDs, alert types, remediation steps | 6 years | Security Vault | Weekly | SOC Lead | Retain to demonstrate due diligence in incident response |
| System Configuration Changes | CMDB, DevOps Tooling | Before/after state, user ID, timestamp | 3 years | DevSecOps Archive | Monthly | Change Manager | Supports RCA, patch failures, or integrity validation |
| Data Access Logs (PII & Confidential) | DLP, Database Audit Logs | File name, table accessed, user ID, operation performed | 6 years | Secure Data Lake | Monthly | Data Protection Officer | GDPR & FCA compliance for sensitive data protection |
| Email & Messaging Logs | M365, Slack | Sender, receiver, subject, timestamp, message metadata | 3 years | Archived Messaging Vault | Monthly | IT Operations | FCA misconduct monitoring and discovery support |
| IAM Recertification Logs | IGA/Access Review Tools | Reviewer, users reviewed, decisions made, timestamps | 6 years | IAM Archive | Quarterly | IAM Governance Lead | Audit trail to support access control and recertification processes |
| Audit Log Integrity Check Records | Log Integrity Checker, SIEM | Hash values, timestamps, verification outcomes | 3 years | Audit Control Repository | Monthly | Security Engineer | Supports NIST AU-9 for ensuring log integrity |

Retention Policy Notes

  • Retention is based on the highest applicable regulation (FCA, NIST, GDPR).

  • Logs are encrypted at rest and in transit.

  • Immutable storage (e.g., WORM) is used for critical categories (security, finance, IAM).

  • Annual purge cycles must be approved by Compliance and the Data Protection Officer.
