Sally has detected evidence of a security breach that occurred about five months ago. She intends to perform an incident investigation but is apprehensive about whether the data still exists. Which policy determines the duration for which logs and other data are retained in most organizations?

Organizations devise retention policies for different data categories and systems. Many establishments adopt retention policies ranging from 30 to 365 days, with some information being required to be preserved for longer periods due to legal or compliance reasons. Sally's organization might retain logs for as little as 30 days, depending on storage constraints and business requirements. Data classification policies have an impact on how data is secured and managed. Backup policies determine how long backups are kept and rotated and may affect data if the logs are included in the backup. However, backing up logs is an infrequent practice due to the space they occupy compared to their value. Legal hold practices are common, but policies are usually not defined for legal holds since the requirements are mandated by law.