An effective information retention policy must be based onbusiness and compliance requirements.These include legal mandates, industry regulations, and internal operational needs that dictate how long data must be retained and when it should be archived or deleted.
While storage needs, backups, or customer expectations matter,only regulatory and business alignment guarantees legal compliance and operational relevance.
[Reference:, CGEIT Review Manual: Domain 2 – IT Resources (Data Governance), COBIT 2019: DSS01 (Manage Operations), DSS06 (Manage Business Process Controls)., , , , ]
Submit