CISA Certified Information Systems Auditor – Question0415

An IS auditor is conducting a review of an organization’s information systems and discovers data that is no longer needed by business applications. Which of the following would be the IS auditor’s BEST recommendation?

A.
Ask the data custodian to remove it after confirmation from the business user.
B. Assess the data according to the retention policy.
C. Back up the data to removable media and store in a secure area.
D. Keep the data and protect it using a data classification policy.

Correct Answer: A