GitLab allocates audit record storage capacity in accordance with logging storage and retention requirements; Audit logs are retained one year with 90 days of data immediately available for analysis.
While GitLab already maintains a record retention policy, the purpose of this control is to establish required minimum storage and retention requirements for in-scope financial systems to ensure the requirements within the record retention policy align with compliance requirements.
This control applies to SOX and PCI in-scope financial systems.
Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the control issue.
PCI DSS V3.2.1: * 10.7