Data retention and destruction policies should meet all of the following requirements EXCEPT?
Data retention and destruction policies should meet all of the following requirements EXCEPT?
Documentation related to audit controls (third-party or internal) should not be saved in a non-permanent format by default. Audit control documentation is critical for verifying and demonstrating compliance and should typically be retained in a durable format to ensure its integrity and accessibility as needed for audits, reviews, and legal or regulatory purposes. Saving it in a non-permanent format could undermine these objectives.
C. Documentation related to audit controls (third-party or internal) should be saved in a non-permanent format by default. Audit control documentation is critical for verifying and demonstrating compliance and should typically be retained in a permanent or durable format until it's no longer needed, based on the organization's retention schedule and any applicable legal or regulatory requirements. Saving it in a non-permanent format by default would potentially jeopardize the organization's ability to validate and demonstrate past compliance.
should be C