CISM Certified Information Security Manager – Question0858

Which of the following should be the MOST important criteria when defining data retention policies?

A.
Capacity requirements
B. Audit findings
C. Regulatory requirements
D. Industry best practices

Correct Answer: C