Certified in Risk and Information Systems Control (CRISC) — Question 927

Which of the following should be accountable for ensuring that media containing financial information are adequately destroyed per an organization’s data disposal policy?

Answer options

• A. Data owner
• B. Chief information officer (CIO)
• C. Data architect
• D. Compliance manager

Correct answer: A

Explanation

The data owner is accountable for the management and protection of the information, including ensuring that it is destroyed in accordance with the data disposal policy. The CIO oversees IT strategies but may not directly handle data disposal. The data architect focuses on data structuring and systems, while the compliance manager ensures regulations are met but does not typically manage the actual data destruction process.