What cadence is specified for identifying and securely deleting CHD that exceeds retention?


Multiple Choice

What cadence is specified for identifying and securely deleting CHD that exceeds retention?

Explanation:
Regular, scheduled cleanup of cardholder data that has outlived its retention period is essential to limit what remains stored and reduce risk. The best option specifies a defined cadence—quarterly—so CHD beyond retention is identified and securely deleted on a consistent timeline. Allowing it to be done automatically or manually covers practical implementations, ensuring the purge happens regularly and reliably. Deleting only when the system is decommissioned leaves data in production far longer than necessary, and having no deletion policy or a manual process without a defined schedule risks inconsistent purges. The quarterly cadence with an option for automatic or manual execution aligns with the need for an ongoing, well-documented purge of excess CHD.

