An organization performs nightly backups but does not have a formal policy. An IS auditor should FIRST:
A. evaluate current backup procedures
B. escalate to senior management
C. document a policy for the organization
D. recommend automated backup
A. evaluate current backup procedures
B. escalate to senior management
C. document a policy for the organization
D. recommend automated backup