Certified Information Systems Auditor (CISA) — Question 624
Which of the following is the MOST effective control to ensure electronic records beyond their retention periods are deleted from IT systems?
Answer options
- A. Execute all data deletions at a predefined month during the year.
- B. Build in system logic to trigger data deletion at predefined times.
- C. Review the record retention register regularly to initiate data deletion.
- D. Perform a sample check of current data against the retention schedule.
Correct answer: B
Explanation
The correct answer is B: building deletion logic into the system automates data deletion at predefined times, which reduces the risk of human error and oversight. Options A and C rely on manual processes that can lead to inconsistencies, while D only provides a snapshot and does not actively manage the deletion of records.