A systems administrator is decommissioning a physical server that processed and stored credit-card transaction data. The company's general data-retention policy requires keeping business records for five years. However, the data on this server is subject to specific industry regulations. Which of the following is the MOST important factor for determining the media-retention requirements for the server's drives?
Regulatory and compliance standards are the most important factor. Credit-card data is governed by PCI DSS and possibly other laws. These external requirements obligate the organization to define and follow data-retention and disposal policies that satisfy legal and industry obligations, taking precedence over any less-stringent internal policy. Operational considerations such as hardware end-of-life or the cost of storage do not establish mandatory retention periods.