CISA Certified Information Systems Auditor – Question0054

Which of the following should an IS auditor review FIRST when planning a customer data privacy audit?

A.
Legal and compliance requirements
B. Customer agreements
C. Organizational policies and procedures
D. Data classification

Correct Answer: B