An organization’s data retention policy states that all data will be backed up, retained for 10 years, and then destroyed.
When conducting an audit of the long-term offsite backup program, an IS auditor should:
A . verify that business owners review data before it is destroyed.
B . verify that there is a process to ensure readability and restore capability.
C . confirm that business interruption insurance coverage is in place.
D . review data classification schemes for appropriate security levels.
Answer: B