# Data Retention and Destruction

Backlink: [[Domain 1 - Index]]

**Definition:** Policies and controls to keep data only as long as needed and dispose of it securely.

## Key Facts
- Retention schedules by data type; holds override deletion.
- Destruction: shredding, degaussing, crypto-shredding, secure wipe.
- Track locations: on-prem, cloud, backups, logs, endpoints.
- Balance analytics value vs. privacy/minimization.
- Certificates of destruction and vendor controls.
- **Verify:** check official (ISC)² CBK and current exam outline.

>[!tip] **Exam Relevance**
>- Choose appropriate sanitization method
>- Handle deletion during legal hold

>[!note] **Mnemonic**
>- “Keep Necessary, Kill Nicely.”

### Example
Q: SSD disposal; best method?
A: Crypto-erase (and physical destruction if required).

## Revision Checklist
- [ ] List 3 destruction methods
- [ ] Explain legal hold impact
- [ ] Map retention to data classes
- [ ] Include cloud/backup considerations

## Related
[[Privacy Principles and Regulations]] · [[E-Discovery (EDRM)]] · [[Business Continuity Planning (BCP) Overview]] · [[Third-Party and Supplier Risk Management]] · [[Security Policy Types]]

#cisSP #domain-1 #concept