IGP Exam Prep Free practice test →

Free IGP Practice Questions

10 free, exam-style Information Governance Professional (IGP) practice questions with answers and explanations. No signup required. Work through them below, then take the full free IGP practice test to study every exam domain.

These 10 free IGP questions are organized by exam domain, so you can see how each part of the Information Governance Professional blueprint is tested. Reveal the answer and explanation under each question.

Domain 1: Steering Committee 10% of exam

Question 1

An IGP conducts a maturity assessment and finds that the organization has documented IG policies that are consistently followed, core retention schedules are in place, and the program meets its legal and regulatory obligations. However, there is no metrics-driven improvement process and IG is not yet integrated into strategic planning. According to ARMA's Information Governance Maturity Model, this organization is BEST classified at which level?

  1. Level 2 - In Development
  2. Level 3 - Essential
  3. Level 4 - Proactive
  4. Level 5 - Transformational
Show answer & explanation

Correct answer: B - Level 3 - Essential

Domain 2: Authorities 11% of exam

Question 2

An organization collects customer email addresses during online purchases to fulfill orders and send shipping notifications. The marketing department now wants to use those same email addresses for a promotional newsletter campaign. Under the GDPR, which data protection principle is MOST directly at risk if the organization proceeds without obtaining a new lawful basis?

  1. Data minimization
  2. Purpose limitation
  3. Storage limitation
  4. Integrity and confidentiality
Show answer & explanation

Correct answer: B - Purpose limitation

Question 3

An organization's IG policy states that all records must be "genuine, trustworthy, whole, and retrievable" for as long as they are needed. An auditor notes that this language closely mirrors a well-known international standard but uses non-standard terminology. The auditor recommends aligning the policy with the official four characteristics of a record: authentic, reliable, intact, and usable. Which standard defines these four characteristics?

  1. ISO/IEC 27001:2022 - Information Security Management Systems
  2. ISO 15489-1:2016 - Records Management: Concepts and Principles
  3. ISO 31000:2018 - Risk Management: Principles and Guidelines
  4. ISO 30301:2019 - Management Systems for Records: Requirements
Show answer & explanation

Correct answer: B - ISO 15489-1:2016 - Records Management: Concepts and Principles

Domain 4: Procedural Framework 16% of exam

Question 4

A multinational corporation is redesigning its records retention schedule. The IG team is debating between a granular approach with hundreds of specific record series and a "big bucket" approach that groups records into broad functional categories. Which statement BEST describes the primary advantage of the big bucket approach?

  1. It eliminates the need for legal review of retention periods
  2. It simplifies classification decisions and improves user compliance with the schedule
  3. It ensures that every record type has a unique, precisely tailored retention period
  4. It reduces the organization's overall retention periods, lowering storage costs
Show answer & explanation

Correct answer: B - It simplifies classification decisions and improves user compliance with the schedule

Domain 5: Capabilities 13% of exam

Question 5

A company is implementing a new customer analytics platform that will process large volumes of personal data, including behavioral profiling and automated decision-making that affects service eligibility. The privacy officer recommends completing an assessment before launch. Under GDPR Article 35, which assessment is REQUIRED for this type of high-risk processing?

  1. Business Impact Analysis (BIA)
  2. Information Governance Maturity Assessment
  3. Data Protection Impact Assessment (DPIA)
  4. Vendor Risk Assessment (VRA)
Show answer & explanation

Correct answer: C - Data Protection Impact Assessment (DPIA)

Domain 6: Information Lifecycle 14% of exam

Question 6

A financial services company discovers that a former employee's HR records - including performance reviews and disciplinary actions - were automatically purged by the email archiving system 60 days after the employee's termination. The company is now facing a wrongful termination lawsuit filed three weeks before the purge occurred. Under FRCP Rule 37(e), which factor will MOST likely determine the severity of sanctions the court imposes?

  1. Whether the company had a written retention policy covering HR records
  2. Whether the company acted with intent to deprive the opposing party of the information
  3. Whether the purged records were stored on company-owned or cloud-hosted systems
  4. Whether the former employee had copies of their own performance reviews
Show answer & explanation

Correct answer: B - Whether the company acted with intent to deprive the opposing party of the information

Question 7

During a litigation hold, the IT department notifies the IGP that the auto-deletion policy on the email system is still running and has not been suspended for the identified custodians. Several custodians' emails dating back 18 months have already been deleted since the hold was issued two weeks ago. What should the IGP do FIRST?

  1. Notify outside counsel immediately and document the scope of the deletion
  2. Reissue the legal hold notice to all custodians with updated instructions
  3. Conduct a root cause analysis to determine why IT did not suspend the policy
  4. Contact the opposing party to negotiate a resolution before the court is involved
Show answer & explanation

Correct answer: A - Notify outside counsel immediately and document the scope of the deletion

Question 8

A law firm sends a litigation hold notice to a corporate defendant. The defendant's IGP must now work with IT to identify and preserve potentially relevant electronically stored information (ESI) across email, file shares, and a cloud-based CRM. According to the EDRM, these activities - locating custodians and data sources, then ensuring the ESI is not altered or destroyed - correspond to which two consecutive stages of the model?

  1. Information Governance and Identification
  2. Identification and Preservation
  3. Preservation and Collection
  4. Collection and Processing
Show answer & explanation

Correct answer: B - Identification and Preservation

Domain 7: Architecture 13% of exam

Question 9

An organization's current records classification scheme is based on its departmental structure: Marketing, Finance, Legal, HR, and Operations. After a major reorganization that merges three departments, the classification scheme breaks down and records can no longer be reliably categorized. Which approach to taxonomy design would BEST prevent this problem from recurring?

  1. A folksonomy that allows employees to tag records with user-generated labels
  2. A functional taxonomy based on business activities rather than organizational structure
  3. An alphabetical index of all record types maintained by the Records Manager
  4. A subject-based taxonomy organized by the topics the records address
Show answer & explanation

Correct answer: B - A functional taxonomy based on business activities rather than organizational structure

Domain 8: Infrastructure 13% of exam

Question 10

An organization is decommissioning 500 hard drives that previously stored records containing personally identifiable information (PII). The retention periods for all records on these drives have expired and no legal holds are active. According to NIST SP 800-88 Guidelines for Media Sanitization, which method is MOST appropriate if the drives will not be reused or repurposed?

  1. Clear - overwrite all addressable storage locations with a fixed data pattern
  2. Purge - apply cryptographic erase or degaussing to render data unrecoverable
  3. Destroy - physically disintegrate, shred, or incinerate the drives
  4. Archive - transfer the drives to cold storage for an additional retention period
Show answer & explanation

Correct answer: C - Destroy - physically disintegrate, shred, or incinerate the drives

The rest of the IGP blueprint

The IGP exam also covers these domains. Drill them in the full free practice test:

Ready for the real thing?

Practice hundreds more IGP questions with instant scoring, weak-area drills, and full exam simulations.

Start the free practice test See pricing