cdpse-d3-data-persistence-data-retention-and-archiving

Data Retention and Archiving

isaca-cdpse · framework · Gold standard

Drawn fromCDPSE Review Manual · ISACA peer-reviewed case sets·Reviewed May 5, 2026

How this was built ▾

Every cubelet runs through five agent passes before publishing. Each stage's output is recorded so we can trace how a claim got here.

01 · RESEARCHSource synthesisClaude Haiku
02 · WRITERSix-face draftingClaude Sonnet
03 · EDITORCoherence + clarity passClaude Sonnet
04 · QAQuality gate scoringClaude Opus
05 · PUBLISHERCatalog + graph commitClaude Haiku

This runcourse-factory-pipeline-v1

1

Face 1 of 6 · WHAT

What is Data Retention and Archiving

Data Retention is the governed practice of keeping data accessible and usable for a defined period, driven by legal, regulatory, and business requirements. Data Archiving is the complementary process of moving inactive data from primary systems to separate, lower-cost storage — while preserving retrievability and integrity — until the retention period expires. Together, they form the lifecycle discipline that determines: how long each data category must be kept, where and how it is stored during that period, who can access it, and how it is verifiably destroyed at period end. Retention is the policy layer (duration + legal basis); archiving is the execution layer (movement + preservation). A retention schedule without archival infrastructure is unenforceable; archival infrastructure without a retention schedule is ungoverned storage sprawl.

Where it stops · what it isn't

—Retention and archiving govern inactive or infrequently accessed data. Data in active daily use is governed by data management and access control policies, not retention schedules.
—Retention policy sets minimum and maximum duration only. It does not govern data quality, accuracy, or format — those are data stewardship concerns.
—Archiving is not backup. Backup protects against data loss for recovery purposes; archiving is long-term preservation of records for compliance, audit, or historical access.
—Legal holds suspend normal retention schedules; they are not retention policies. Holds require separate tracking and override mechanisms.
—Data destruction is a required final step of retention, not optional. Retention without verified destruction is incomplete and amplifies privacy and breach risk.
—This framework applies to structured and unstructured data (databases, email, documents, media). It does not address real-time streaming data or ephemeral transactional logs unless those are designated records.

Connected concepts in the graph

Every cubelet sits in a knowledge graph. Here's what this one connects to.

PART OF

Data Lifecycle ManagementISACA CDPSE — Data Persistence Domain

REQUIRES

Data Classification FrameworkLegal Hold ManagementData Destruction / Secure Deletion

ENABLES

Regulatory Compliance (GDPR, HIPAA, SOX, CCPA/CPRA)E-Discovery and Litigation ReadinessStorage Cost Optimization

RELATED TO

Data MinimizationData Security and Encryption

CONSTRAINS

AI/ML Training Data Management

Practice this judgment ↗

Adaptive, ~8 min

Sit in the practitioner's chair ↗

Live simulator

06 · APPLYSign up to enter the judgment simulator →

Watch your judgment grow on this concept

Create a free account to unlock all 6 faces, the judgment simulator, and a mastery score that updates with every attempt.