Security & DevSecOps Practical By Samson Tanimawo, PhD Published Dec 22, 2025 4 min read

Audit Log Retention

Audit logs and retention. The policy.

Hot 90 days

Queryable from dashboard.

For active investigation.

Warm 1 year

Queryable via API.

For periodic compliance.

Cold 7 years

Object storage.

SOC2 minimum; longer for some compliance.