Certified Information Systems Auditor (CISA) — Question 244

Which of the following is MOST important to include in a data retention policy to reduce legal liabilities associated with information life cycle management?

Answer options

• A. Ensuring that unnecessary data is not stored.
• B. Reducing the cost of data storage through media sanitization.
• C. Ensuring that personal information is destroyed.
• D. Requiring that data be securely wiped so it cannot be restored for legal discovery.

Correct answer: A

Explanation

The correct answer is A because avoiding the storage of unnecessary data helps to limit exposure to potential legal issues. Options B and D, while relevant to data management, focus more on cost and security rather than directly addressing legal liabilities. Option C, although important, does not comprehensively address the broader scope of unnecessary data retention.