Business Problem
SailPoint is currently considering retention requirements for our records that track historical access requests and approvals. We are looking to balance system performance, information density, and customer value and need your input as we design a pruning process for completed access requests and approvals.
Proposed Approach
Our hypothesis is that a retention period of a full year plus the current month-to-date (~13 months) is the right balance of surfacing insights our customers need immediate access to in the UI without overburdening page performance.
The scope for this change includes:
- the request records shown in My Requests to requesters and requestees
- the corresponding request records in Access Request Administration visible to admins
- the Reviewed tab of approvals visible to the person who made the approve/deny decision
Note: This change will not impact audit event records. In fact, those events already follow a 12-month + current month-to-date retention policy, with an offline archive of up to 5 years (available on request through a support ticket).
Get Involved
We’d like your input on this proposal. Please complete the linked survey (should take 5 minutes or less) to help us understand:
- Is the proposed retention period sufficient?
- What do your users use these records for?
- Do older request/approval records need to be retained in an offline, requestable format, similar to our audit event process, or are those audit events sufficient for historical investigations?
- For the access request records that we recently started creating to represent auto-cancelled (no-op) duplicate requests, would it be reasonable for us to prune those after a shorter duration – like 30 or 90 days?
Survey Link: Records Retention Survey
After you take the survey, if you find you have more info to share, feel free to grab some time with me with this Calendly link!
Thank you so much for your feedback!