Symptom
Customer is inquiring if SAP SuccessFactors is complying with Indian Computer Emergency Response Team (CERT-In) after it has announced mandatory new cyber security guidelines on 28 April 2022 for all service providers, intermediaries, data centers, body corporate and Government organizations. All service providers, intermediaries, data centers, body corporates and Government organizations are mandated to enable the logs of all their ICT systems and maintain them securely for a rolling period of 180 days.
Environment
SAP SuccessFactors HXM Suite
Resolution
The Change Audit will retain the audit data indefinitely, from the point it is enabled in the instance. It does not have any expiry. So it's better than the 180 days from the guidelines set by Indian Computer Emergency Response Team (CERT-In) from Govt of India.
Keywords
CERT-In, Indian Computer Emergency Response Team, audit log retention, audit logs, audit logs expiry , KBA , LOD-SF-PLT-CHA , Change Audit , How To