CISA Certified Information Systems Auditor – Question0307

An IS auditor notes that a loan servicing group retains customer personally identifiable information (PII) on a shared drive. Which of the following is MOST important to ensure compliance with privacy principles?

A. Backups are performed in accordance with organizational policy.
B. Access to the shared drive must be approved by the manager of the group.
C. The data is maintained in accordance with the business’s retention policy.
D. All key customer data elements are captured on the shared drive.

Correct Answer: C