Due to limited storage capacity, an organization has decided to reduce the actual retention period for media containing completed low-value transactions. Which of the following is MOST important for the organization to ensure?
A.
The policy includes a strong risk-based approach.
B.
The retention period complies with data owner responsibilities.
C.
The retention period allows for review during the year-end audit.
D.
The total transaction amount has no impact on financial reporting.
The answer is B. Data owner responsibilities will include compliance with applicable laws and regulations. A risk-based approach is important, but that ought to be included with data owner responsibilities as well.
B. The retention period complies with data owner responsibilities.
When an organization decides to reduce the retention period for media containing low-value transactions due to limited storage capacity, the most important aspect is to ensure that the new retention period complies with data owner responsibilities (Option B). Data owners are accountable for determining the appropriate retention periods for their data based on legal, regulatory, and business requirements. Ensuring compliance with data owner responsibilities helps maintain legal and regulatory compliance, data integrity, and appropriate management of records, even for low-value transactions.
A: a risk-based approach would also assess the impact of the policy on the ability of the data owner to execute his/her responsibilities, in addition to other considerations, like regulation and BCM
B. The retention period complies with data owner responsibilities.
Ensuring that the retention period for media containing completed low-value transactions complies with data owner responsibilities is the most important factor for the organization to consider. The data owner is responsible for determining the appropriate retention period for specific types of data based on legal, regulatory, and business requirements. If the organization reduces the actual retention period for media containing completed low-value transactions, it must ensure that it complies with the data owner's responsibilities and any relevant regulations or laws. Failure to comply with these requirements could result in legal or regulatory penalties, or potentially impact the organization's reputation if sensitive information is compromised.
This section is not available anymore. Please use the main Exam Page.CISA Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
murphseal
Highly Voted 2 years, 4 months agoa84n
Most Recent 8 months, 2 weeks ago5b56aae
8 months, 2 weeks agoSwallows
9 months agolsiau76
1 year, 4 months agoTTH1019
1 year, 7 months agoJayKema
1 year, 7 months ago007Georgeo
1 year, 8 months agoMohamedAbdelaal
1 year, 8 months agosurvivalkit
1 year, 11 months agoDavid_Hu
2 years agoJulianleehk
2 years, 1 month ago