Certified Information Systems Auditor (CISA) — Question 984

Which of the following is MOST important to consider when establishing the retention period for customer data within a specific database or application?

Answer options

• A. Enterprise classification level
• B. System performance
• C. Hardware capacity
• D. Minimum regulatory requirements

Correct answer: D

Explanation

The correct answer is D, as minimum regulatory requirements dictate how long customer data must be retained to comply with laws and regulations. While enterprise classification level, system performance, and hardware capacity are relevant considerations, they do not take precedence over legal obligations concerning data retention.