CISM Certified Information Security Manager – Question0008 - CISM Certified Information Security Manager

Retention of business records should PRIMARILY be based on:

A. business strategy and direction.
B. regulatory and legal requirements.
C. storage capacity and longevity.
D. business ease and value analysis.

Correct Answer: B

Explanation:

Explanation:
Retention of business records is generally driven by legal and regulatory requirements. Business strategy and direction would not normally apply nor would they override legal and regulatory requirements. Storage capacity and longevity are important but secondary issues. Business case and value analysis would be secondary to complying with legal and regulatory requirements.