Which of the following should be an IS auditor’s PRIMARY consideration when evaluating the development and design of a privacy program?
A. Data governance and data classification procedures
B. Policies and procedures consistent with privacy guidelines
C. Industry practice and regulatory compliance guidance
D. Information security and incident management practices
A. Data governance and data classification procedures
B. Policies and procedures consistent with privacy guidelines
C. Industry practice and regulatory compliance guidance
D. Information security and incident management practices