If your company has hired a third-party auditor to evaluate its data backup and long-term archiving policy, what type of organizational document should you present to the auditor?

A data retention policy specifies how data should be stored based on factors such as the storage location, the length of time it should be retained, and the type of storage medium to be used. A clean desk policy mandates that sensitive or confidential documents are removed from an end-user workstation and secured when not in use. An acceptable use policy (AUP) outlines the guidelines and limitations for using an organization's physical and intellectual resources, including whether personal email usage is permitted during work hours. A security policy defines the strategies for safeguarding physical and IT assets, and this document should be updated regularly as technology and employee needs evolve.