Uploaded image for project: 'Jira Platform Cloud'
  1. Jira Platform Cloud
  2. JRACLOUD-68267

Jira audit log retention period needs to be increased

XMLWordPrintable

    • 247
    • 165

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Problem Definition

      Audit logs are of very high value for some customers like information security and auditing businesses. Currently maximum retention period of six months is not enough. 

      Suggested Solution

      Allow admins to increase retention period to up to a year or more.

      Why this is important

      Some businesses need and rely on audit logs to be available for longer periods to comply with business policies.

            [JRACLOUD-68267] Jira audit log retention period needs to be increased

            Shiv Sharma added a comment -

            We need audit log for at least a year for compliance purposes.

            Shiv Sharma added a comment - We need audit log for at least a year for compliance purposes.

            Allie Stewart added a comment -

            Yes, we need to be able to search back at least one year.  And the date search needs to be updated to honor the new century.  When we enter 24-03-10.... it resolves to 1924-03-10.

            Allie Stewart added a comment - Yes, we need to be able to search back at least one year.  And the date search needs to be updated to honor the new century.  When we enter 24-03-10.... it resolves to 1924-03-10.

            agoutham added a comment -

            We need to extend the audit to at least one year. 
             

             

            agoutham added a comment - We need to extend the audit to at least one year.     

            Gowen Pottiez added a comment -

            In order to be PCI DSS compliant, we need to extend the audit to at least one year. 

            Gowen Pottiez added a comment - In order to be PCI DSS compliant, we need to extend the audit to at least one year. 

            Michiel S. added a comment -

            I think the Enterprise tier costs enough to cover the costs of keeping logs for at least 18 months.

            If Atlassian dares to claim this cost is too high for them, why not simply offer a service to store longer for an additional fee for whoever wants or requires that? Or provide connectors to store this in various places companies already have most likely (Elastic, a DB, S3 bucket, etc.)

            Governments, banks, financial institutions, and so on are required by law to keep records for audit purposes and the only way to try and capture it now is through undocumented API calls with an unsafe ORG token (after an admin leaves the token needs to be regenerated and updated wherever it is used.)

            Michiel S. added a comment - I think the Enterprise tier costs enough to cover the costs of keeping logs for at least 18 months. If Atlassian dares to claim this cost is too high for them, why not simply offer a service to store longer for an additional fee for whoever wants or requires that? Or provide connectors to store this in various places companies already have most likely (Elastic, a DB, S3 bucket, etc.) Governments, banks, financial institutions, and so on are required by law to keep records for audit purposes and the only way to try and capture it now is through undocumented API calls with an unsafe ORG token (after an admin leaves the token needs to be regenerated and updated wherever it is used.)

            Huw Evans added a comment -

            We have a banking licence and we need 7 years of auditable data. 

            Huw Evans added a comment - We have a banking licence and we need 7 years of auditable data. 

            Cath Stocker added a comment -

            Audit log retention must be increased to 18 months as a minimum requirement in order for annual regulatory auditing to be carried out as a legal requirement. Thank you.

             

             

            Cath Stocker added a comment - Audit log retention must be increased to 18 months as a minimum requirement in order for annual regulatory auditing to be carried out as a legal requirement. Thank you.    

            Shivkumar Kachapur added a comment - - edited

            https://getsupport.atlassian.com/browse/CES-13568

            As an Enterprise customer, this feature is crucial from our customer point of view please consider adding this feature as and when possible.

            Shivkumar Kachapur added a comment - - edited https://getsupport.atlassian.com/browse/CES-13568 As an Enterprise customer, this feature is crucial from our customer point of view please consider adding this feature as and when possible.

            Jimmy Shehu added a comment -

            Based on the plan (Free, Premium, Enterprise) this should be increased. 6 months is too short for compliance and legal reasons.

            Jimmy Shehu added a comment - Based on the plan (Free, Premium, Enterprise) this should be increased. 6 months is too short for compliance and legal reasons.

            PANUNITED SERVICEDESK added a comment - - edited

            need to be at least 1 year to 1.5yrs for audit and compliance. 6 mth is too short.

            PANUNITED SERVICEDESK added a comment - - edited need to be at least 1 year to 1.5yrs for audit and compliance. 6 mth is too short.

              Unassigned Unassigned
              akhan@atlassian.com Asim K
              Votes:
              188 Vote for this issue
              Watchers:
              128 Start watching this issue

                Created:
                Updated: