Question AAAI-19
Describe or provide a reference to the retention period for those logs, how logs are protected, and whether they are accessible to the customer (and if so, how).
| Weight | 25 |
| High Risk | No |
| Required | Yes |
| Compliant Answer | Yes |
Standard Guidance
Ensure that all elements of AAAI-19 are clearly stated in your response.
Answering "NO"
EDUCAUSE provides no guidance here
Answering "YES"
EDUCAUSE provides no guidance here
Reason for Question
There are multiple components of this question. When assessing, ensure that the vendor responds to them all. Logs that are not properly managed may not be available when needed. The purpose of this question is to ensure that the vendor has a proper security mindset to ensure proper monitoring practices.
Follow-Up Inquiries
Follow-up inquiries for logging details will be institution/implementation specific.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]