Isaca Certified Information Systems Auditor CISA Question # 378 Topic 39 Discussion
CISA Exam Topic 39 Question 378 Discussion:
Question #: 378
Topic #: 39
Which of the following is the MOST important consideration when evaluating the data retention policy for a global organization with regional offices in multiple countries?
A.
The policy aligns with corporate policies and practices.
B.
The policy aligns with global best practices.
C.
The policy aligns with business goals and objectives.
D.
The policy aligns with local laws and regulations.
The data retention policy for a global organization with regional offices in multiple countries should align with local laws and regulations, as they may vary significantly from one country to another and may impose different requirements and penalties for non-compliance. The policy should also consider the corporate policies and practices, the global best practices, and the business goals and objectives, but these are secondary to the legal compliance. References: CISA Review Manual (Digital Version), Chapter 5: Protection of InformationAssets, Section 5.3: Data Classification and Protection
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit