In which of the following situations is it acceptable to retain data beyond the stated...

Comprehensive and Detailed Explanation:

The CGEIT Review Manual 8th Edition, in its Governance of Enterprise IT domain, addresses data retention policies and exceptions, particularly in regulated environments. Retaining data beyond policy is acceptable when legally justified, such as a high probability of litigation, where data may be required as evidence. This ensures compliance with legal obligations and avoids penalties. The manual likely references COBIT 2019’s BAI09-Managed Assets, which includes data retention for legal purposes.

Option A: Analytics model does not justify violating policy, as analytics can use anonymized data.

Option C: Expected regulations are speculative and not a valid exception.

Option D: Database upgrade is technical and unrelated to retention policy exceptions.

Double Verification: The answer aligns with COBIT’s BAI09 and the CGEIT domain’s focus on compliance. Litigation is a standard ISACA exception for data retention.

ISACA CGEIT Review Manual 8th Edition, Domain 1: Governance of Enterprise IT (focus on data governance).

COBIT 2019, BAI09-Managed Assets.

ISACA Glossary (for definitions of data retention), available at https://www.isaca.org/resources/glossary.