The entity identifies and maintains confidential information to meet the entity’s objectives related to confidentiality
Procedures are in place to identify and designate confidential information when it is received or created and to determine the period over which the confidential information is to be retained
Procedures are in place to protect confidential information from erasure or destruction during the specified retention period of the information