How are session recordings typically retained in CyberArk?

In CyberArk, session recordings are retained based on organizational policy, allowing the organization to tailor the retention period to meet its specific regulatory, compliance, and operational needs. This means that organizations can establish guidelines that dictate how long recordings should be stored, which can range from a few days to several years, depending on the sensitivity of the information and the governing regulations.

This approach ensures that organizations manage their data storage effectively while complying with legal requirements and internal security protocols. As a result, session recordings are not retained indefinitely, nor are they limited to the duration of software updates or merely kept based on user requests. Instead, the focus is on aligning retention practices with the organization's strategic goals and compliance framework.