During a vendor assessment, reviewing the vendor's data retention and disposal policies is irrelevant for understanding potential risks to your organization.
Reviewing a vendor's data retention and disposal policies is highly relevant and important when conducting a risk assessment. These policies dictate how the vendor handles sensitive data and when and how they dispose of it, which can have significant implications for your organization's data security and compliance.