An IS auditor is conducting a review of a healthcare organization’s IT policies for handling medical records. Which of the following is MOST important to verify?

A. A documented policy approval process is in place
B. Policy writing standards are consistent
C. The policies comply with regulatory requirements
D. IT personnel receive ongoing policy training