Retention requirements for decommissioned Password (Vault) Solution

  • Are there any retention requirements for a Password (Vault) solution that is being decommissioned? Do we have to keep the device/solution online for future examinations? Although the system retains no transaction data–it did contain passwords for transaction systems. As such was in scope for SOX and we suspect the new/replacement solution will be in scope as well.

Log in to reply