The PRIMARY concern of an information security manager documenting a formal data retention policy would be:
A . generally accepted industry best practices.
B . business requirements.
C . legislative and regulatory requirements.
D . storage availability.
Answer: B
Explanation:
The primary concern will be to comply with legislation and regulation but only if this is a genuine business requirement. Best practices may be a useful guide but not a primary concern. Legislative and regulatory requirements are only relevant if compliance is a business need. Storage is irrelevant since whatever is needed must be provided