An organization’s data retention policy states that all data will be backed up, retained for 10 years, and then destroyed. When conducting an audit of the long-term offsite backup program, an IS auditor should:
A. verify that business owners review data before it is destroyed.
B. verify that there is a process to ensure readability and restore capability.
C. confirm that business interruption insurance coverage is in place.
D. review data classification schemes for appropriate security levels.
A. verify that business owners review data before it is destroyed.
B. verify that there is a process to ensure readability and restore capability.
C. confirm that business interruption insurance coverage is in place.
D. review data classification schemes for appropriate security levels.