[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$feGBFdgptM_VtoWLKAvc7cJYaYoYZYUFzcs0Rp4z75QU":3},{"tableOfContents":4,"markDownContent":5,"htmlContent":6,"metaTitle":7,"metaDescription":7,"wordCount":8,"readTime":9,"title":10,"nbDownloads":11,"excerpt":7,"lang":12,"url":13,"intro":14,"featured":4,"state":15,"author":16,"authorId":17,"datePublication":21,"dateCreation":22,"dateUpdate":23,"mainCategory":24,"categories":44,"metaDatas":50,"imageUrl":7,"imageThumbUrls":51,"id":52},false,"**Logs** or **connection logs** are **records of user activities**, **anomalies** and **events linked to the security** of an IT environment (software, operating system, application, website, etc.).\r\n \r\nTheir retention is **mandatory** in certain cases and **strongly recommended** for security reasons. **The objective is to guarantee the proper use of the IT system**.\r\n \r\nThe Frecnh data protection authority, the CNIL [recommends](https://www.cnil.fr/sites/default/files/atoms/files/recommandation_-_journalisation.pdf) that these technical logs or traces should be kept for a **rolling period of six months to one year** unless there is a legal obligation to do so or you can prove that certain risks can only be covered by extending this period.\r\n \r\nThe following table summarises the recommendations:\r\n\r\n| **Minimum duration** | **Maximum duration** | **Conditions** |\r\n| --- | --- | --- | --- |\r\n| Standard\" logging | 6 months | 1 year |\r\n| 6 months | 1 year | The logs must not include personal data from the main processing operation |\r\n| Logging of processing operations subject to \"internal control\" measures | 6 months | 3 years in the most common cases | Demonstrate the risk of misappropriation for the data subjects and have documented analysis and investigation procedures |\r\n| Logging of processing operations with specific characteristics | 6 months | To be defined in the case of a case-by-case analysis | Existence of a specific characteristic which may, for example, be a legal obligation to retain data, a specific purpose or a threat situation which justifies an extension |\r\n\r\nWhat must be retained: at the very least, **user access** including their **identifier**, the **date and time** of their **connection**, and the date and time of their **disconnection**;\r\n \r\nIn some cases, it may also be useful to keep **details of the operations** carried out by the user, the **types of data consulted** and the **reference of the record concerned**.","\u003Cp>\u003Cstrong>Logs\u003C/strong> or \u003Cstrong>connection logs\u003C/strong> are \u003Cstrong>records of user activities\u003C/strong>, \u003Cstrong>anomalies\u003C/strong> and \u003Cstrong>events linked to the security\u003C/strong> of an IT environment (software, operating system, application, website, etc.).\u003C/p>\r\n\u003Cp>Their retention is \u003Cstrong>mandatory\u003C/strong> in certain cases and \u003Cstrong>strongly recommended\u003C/strong> for security reasons. \u003Cstrong>The objective is to guarantee the proper use of the IT system\u003C/strong>.\u003C/p>\r\n\u003Cp>The Frecnh data protection authority, the CNIL \u003Ca href=\"https://www.cnil.fr/sites/default/files/atoms/files/recommandation_-_journalisation.pdf\" rel=\"nofollow\">recommends\u003C/a> that these technical logs or traces should be kept for a \u003Cstrong>rolling period of six months to one year\u003C/strong> unless there is a legal obligation to do so or you can prove that certain risks can only be covered by extending this period.\u003C/p>\r\n\u003Cp>The following table summarises the recommendations:\u003C/p>\r\n\u003Ctable>\r\n\u003Cthead>\r\n\u003Ctr>\r\n\u003Cth>\u003Cstrong>Minimum duration\u003C/strong>\u003C/th>\r\n\u003Cth>\u003Cstrong>Maximum duration\u003C/strong>\u003C/th>\r\n\u003Cth>\u003Cstrong>Conditions\u003C/strong>\u003C/th>\r\n\u003Cth>\u003C/th>\r\n\u003C/tr>\r\n\u003C/thead>\r\n\u003Ctbody>\r\n\u003Ctr>\r\n\u003Ctd>Standard\" logging\u003C/td>\r\n\u003Ctd>6 months\u003C/td>\r\n\u003Ctd>1 year\u003C/td>\r\n\u003Ctd>\u003C/td>\r\n\u003C/tr>\r\n\u003Ctr>\r\n\u003Ctd>6 months\u003C/td>\r\n\u003Ctd>1 year\u003C/td>\r\n\u003Ctd>The logs must not include personal data from the main processing operation\u003C/td>\r\n\u003Ctd>\u003C/td>\r\n\u003C/tr>\r\n\u003Ctr>\r\n\u003Ctd>Logging of processing operations subject to \"internal control\" measures\u003C/td>\r\n\u003Ctd>6 months\u003C/td>\r\n\u003Ctd>3 years in the most common cases\u003C/td>\r\n\u003Ctd>Demonstrate the risk of misappropriation for the data subjects and have documented analysis and investigation procedures\u003C/td>\r\n\u003C/tr>\r\n\u003Ctr>\r\n\u003Ctd>Logging of processing operations with specific characteristics\u003C/td>\r\n\u003Ctd>6 months\u003C/td>\r\n\u003Ctd>To be defined in the case of a case-by-case analysis\u003C/td>\r\n\u003Ctd>Existence of a specific characteristic which may, for example, be a legal obligation to retain data, a specific purpose or a threat situation which justifies an extension\u003C/td>\r\n\u003C/tr>\r\n\u003C/tbody>\r\n\u003C/table>\r\n\u003Cp>What must be retained: at the very least, \u003Cstrong>user access\u003C/strong> including their \u003Cstrong>identifier\u003C/strong>, the \u003Cstrong>date and time\u003C/strong> of their \u003Cstrong>connection\u003C/strong>, and the date and time of their \u003Cstrong>disconnection\u003C/strong>;\u003C/p>\r\n\u003Cp>In some cases, it may also be useful to keep \u003Cstrong>details of the operations\u003C/strong> carried out by the user, the \u003Cstrong>types of data consulted\u003C/strong> and the \u003Cstrong>reference of the record concerned\u003C/strong>.\u003C/p>\r\n",null,289,2,"Connection logs",0,"en","connection-logs","Connection logs are an essential security measure.","Published",{"id":17,"displayName":18,"avatarUrl":19,"bio":7,"blogUrl":7,"color":7,"userId":17,"creationDate":20},38,"Paul-Emmanuel Bidault","https://static.dastra.eu/tenant-27/avatar/38/paul-emmanuel-bidault-150.jpg","2019-12-03T19:09:28","2023-12-27T13:33:15.108","2023-12-27T14:33:13.78041","2023-12-27T14:36:54.090429",{"id":25,"name":26,"description":27,"url":28,"color":29,"parentId":7,"count":7,"imageUrl":30,"parent":7,"order":11,"translations":31},21,"Glossary","Definition of every word used by Dastra","glossary","#643bb0","https://static.dastra.eu/tag/b308b9d3-37af-4e92-8354-ab8adec1740a/documentation-1000.png",[32,36,40],{"lang":33,"name":34,"description":35},"fr","Glossaire","La définition de tous les termes utilisés dans Dastra",{"lang":37,"name":38,"description":39},"es","Glosario","La definición de todos los términos utilizados en Dastra",{"lang":41,"name":42,"description":43},"de","Glossar","Die Definition aller in Dastra verwendeten Begriffe",[45],{"id":25,"name":26,"description":27,"url":28,"color":29,"parentId":7,"count":7,"imageUrl":30,"parent":7,"order":11,"translations":46},[47,48,49],{"lang":33,"name":34,"description":35},{"lang":37,"name":38,"description":39},{"lang":41,"name":42,"description":43},[],[],56342]