Following a forensics investigation, an organization is focused on implementing a comprehensive set of policies...

According to the CHFI v11 objectives and theElectronic Discovery Reference Model (EDRM)framework, the activity described in this scenario corresponds to theInformation Governancestage. Information governance is the foundational phase of the EDRM cycle and focuses on establishingpolicies, procedures, controls, and standardsto manage electronic information throughout its lifecycle. This includes defining data retention schedules, access control policies, compliance requirements, preservation rules, and audit readiness.

In CHFI v11, information governance is emphasized as aproactive and strategic functionthat ensures an organization is prepared for future investigations, audits, litigation, or regulatory inquiries. By implementing governance controls after an investigation, organizations strengthen forensic readiness, reduce legal risk, and ensure that electronic data remains reliable, authentic, and admissible as evidence.

The other options do not accurately match the described activity. Disposal (Option A) refers to defensible deletion after legal hold requirements expire. Collection (Option C) involves acquiring data for analysis, while Identification (Option D) focuses on locating potentially relevant data sources. None of these address long-term policy creation or enterprise-wide data control.

The CHFI v11 Exam Blueprint explicitly includesInformation Governancewithin the eDiscovery process, highlighting its role in compliance, risk mitigation, and evidence integrity management, making Option B the correct and exam-aligned answer