Gitlab hero border pattern left svg Gitlab hero border pattern right svg

SYS.1.07 - Audit Log Capacity and Retention

SYS.1.07 - Audit Log Capacity and Retention

Control Statement

GitLab allocates audit record storage capacity in accordance with logging storage and retention requirements; Audit logs are retained one year with 90 days of data immediately available for analysis.


While GitLab already maintains a record retention policy, the purpose of this control is to establish required minimum storage and retention requirements for in-scope financial systems to ensure the requirements within the record retention policy align with compliance requirements.


This control applies to SOX and PCI in-scope financial systems.



Additional control information and project tracking

Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the control issue.

Policy Reference

Framework Mapping

PCI DSS V3.2.1: * 10.7