A region where an organization conducts business has announced changes in privacy legislation. Which of the following should an IS auditor do FIRST to prepare for the changes?
A. Perform a gap analysis with current privacy procedures.
B. Provide suggested updates to the organization's privacy procedures.
C. Communicate the changes in privacy legislation to the legal department.
D. Design compensating controls to be in compliance with new privacy legislation.
A. Perform a gap analysis with current privacy procedures.
B. Provide suggested updates to the organization's privacy procedures.
C. Communicate the changes in privacy legislation to the legal department.
D. Design compensating controls to be in compliance with new privacy legislation.