Audit Log Retention Policy Template for New Zealand

1. Business Continuity: Procedures for maintaining audit logs during system outages or disasters. Include if organization has specific business continuity requirements.

2. Cloud Services: Special considerations for audit logs stored in cloud services. Include if organization uses cloud services.

3. Privacy Requirements: Additional privacy considerations for logs containing personal information. Include if logs contain sensitive personal data.

4. Industry-Specific Requirements: Special requirements for regulated industries. Include for financial services, healthcare, or other regulated sectors.

5. External Auditor Access: Procedures for providing audit log access to external auditors. Include if regular external audits are required.

6. Cross-Border Considerations: Requirements for international data transfers. Include if organization operates across multiple jurisdictions.

1. Appendix A - Audit Log Types and Retention Periods: Detailed matrix of different log types and their specific retention periods

2. Appendix B - Technical Requirements: Technical specifications for log format, storage requirements, and system configurations

3. Appendix C - Access Request Form: Standard form for requesting access to audit logs

4. Appendix D - Log Disposal Certificate: Template for documenting the disposal of audit logs

5. Schedule 1 - Compliance Checklist: Checklist for regular compliance reviews

6. Schedule 2 - System Coverage: List of systems and applications covered by the policy