Log-Retention & Privacy
Retention rules for Logs, audit data and Privacyanforderungen.
Quick overview
This page describes the working standard for Log-Retention & Privacy – with a focus on concrete decisions rather than general guidance.
The main focus here is how long logs remain available and wer logs einsehen/exportieren darf so that teams apply the same standard.
The standard only becomes traceable through linked evidence such as retention-konfiguration and through documented edge cases/exceptions.
When this page helps
Typical situations in which this page adds value as a working document, and where another document is more appropriate.
Typical use cases
- when for Log-Retention & Privacy technical standards about log-retention, personenbezogene daten and zugriff must be documented in a binding way
- when team handovers or temporary cover the same process for which logs such as long remain should be able to execute safely
- when incidents or Changes show that evidence such as retention-konfiguration are still missing
- when configuration or operational deviations (e.g. logs be länger kept as necessary) occur repeatedly
Less suitable when
- when Log-Retention & Privacy only about a one-off individual case without need for standardization applies
- when a detailed project ticket or a technical step-by-step guide is the better fit
Recommended process
A pragmatic sequence that works in practice, from scope to review.
- capture the current state and scope for Log-Retention & Privacy capture, including log-retention, personenbezogene daten and zugriff and critical dependencies.
- define the target state and standards; key decisions include which logs such as long remain.
- test changes in a controlled way (Staging, Testsystem or Checklist) and Ergebnis document.
- implement in production, run follow-up checks, and retention-konfiguration + approvals for logzugriffe link.
- Monitoring/Reviews auswerten and recurring Befunde such as „Logs be länger kept as necessary“ in the standard einarbeiten.
Decision rules
Log-Retention & Privacy is well documented, when rules, Edge cases and Evidence so clearly are, dass teams so that without additional coordination work can.
scope
For Log-Retention & Privacy first define the scope clearly: Log-Retention, personenbezogene Daten and Zugriff.
Priorities
decisions about which logs such as long remain and wer logs einsehen/exportieren darf not implizit lassen, sondern roles and approvals explicitly benennen.
Exceptions
Allow exceptions only if they do not dilute the standard; especially relevant here are retention periods and audit-logik.
Evidence logic
Verifiable is the rule only, when retention-konfiguration and approvals for logzugriffe cleanly verlinkt are.
What should be documented
Here only the spezifischen Inhalte about Log-Retention & Privacy maintain; general documentation rules remain in the centraln guideline. Central guideline.
The page is good when a substitute can apply or review the standard without first collecting tribal knowledge.
scope & terms
terms, scope and boundaries about Log-Retention & Privacy specify in concrete terms, including log-retention, personenbezogene daten and zugriff.
Binding rules
Den standard so record, dass which logs such as long remain and such as datenschutz-exceptions gehandhabt be eindeutig entschieden are.
Evidence & filing
Name and link evidence directly: Retention-Konfiguration, approvals for Logzugriffe, Prüfafterweise/Löschprotokolle.
Exceptions & Historie
Aktive Exceptions, the latest change and the next review belong on the page—especially for topics with retention periods and audit-logik.
Common pitfalls
This section captures real-world pitfalls from Log-Retention & Privacy; general guidance belongs in the central guideline. Central guideline.
- scope driftet: Logs be länger kept as necessary.
- the rule is too abstract: Logzugriffe are not traceable.
- evidence is missing: retention periods are documented, but technisch not umgesetzt.
- the exception gets out of control: staging and production drift apart.
Moodle reference (official docs 5.1)
Kurze Verweise on the offizielle Moodle documentation for Log-Retention & Privacy. So remains this Page AFANDI-spezifisch and vermeidet doppelte Grundlagen.
Official references
Documentation focus
- Aufbewahrung, Zugriff and Privacybezug the Logs document (wer, such as long, wofür).
- UI path, role and test case record explicitly (not only the desired target state).
- Mark deviations from AFANDI standards separatelyely so that updates remain easier to review.
Review & maintenance
Check this Page gegen reale processes about Log-Retention & Privacy – not only gegen the Wortlaut. Entscheidend is, ob standard, Exceptions and Evidence in the Alltag contribute.
- Stimmen Retention-Werte with requirements?
- Are Logzugriffe auditiert?
- Were Privacyänderungen eingearbeitet?
- Stimmen Konfiguration and documentation match?
Review focus for „Log-Retention & Privacy“: Moodle-Operations; check especially log-retention, personenbezogene daten and zugriff.
Useful metrics
A few metrics are enough – what matters is that they trigger decisions or improvements.
For „Log-Retention & Privacy“ Kennzahlen directly an which logs such as long remain and the most frequent Praxisrisiken koppeln.
Logzugriffe documented
Anteil Logzugriffe with Ticket/Grund
Interval: monthly
Retention-Compliance
Anteil Logtypen with confirmeder Fristkonfig
Interval: quarterly
Privacy-cases
Anzahl Privacybezogener Logthemen
Interval: monthly
Next steps
Add jetzt the concrete Entscheidung about which logs such as long remain incl. Verantwortlichen, Datum and Verweis on retention-konfiguration.
On „Log-Retention & Privacy“ make especially clear as the next step: which log-retention, personenbezogene daten and zugriff apply in the standard case and which exceptions are time-limited.