Are You Into PCI...?

You should be! Here is a fun observation from a just released update to PCI requirements (see here for a full list of changes): the doc now clarifies that "audit logs must be retained for at least one year, with a minimum of three months available online."