Excellent question. And another like it: please describe your backup process and whether it is in compliance with federal law.
Are the heads of federal agencies required to sign off on their data retention policies. I know I had to sign off on my groups compliance, which went to my boss, then his boss, then the CTO then the CEO. Anyone of us in the chain could be criminally liable, and believe me our compliance department went through it with a fine tooth comb on audits. Proof was required. If I couldn’t prove, it was a terminable offense