CISA Certified Information Systems Auditor – Question0692

A new regulatory standard for data privacy requires an organization to protect personally identifiable information (PII). Which of the following is MOST important to include in the audit engagement plan to access compliance with the new standard?

A.
Identification of IT systems that host PII
B. Review of data loss risk scenarios
C. Identification of unencrypted PII
D. Review of data protection procedures

Correct Answer: D