CISA Certified Information Systems Auditor – Question 1998

An IS auditor’s PRIMARY concern about a business partner agreement for the exchange of electronic information should be to determine whether there is:

A. a clause that addresses the audit of shared systems.
B. evidence of review and approval by each partner’s legal department.
C. an information classification framework.
D. appropriate control and responsibility defined for each partner.

Correct Answer: C

Explanation:
The overall purpose of using a formal information classification scheme is to ensure proper handling based on the information content and context. Context refers to the usage of information.
Two major risks are present in the absence of an information classification scheme. The first major risk is that information will be mishandled. The second major risk is that without an information classification scheme, all of the organization’s data may be subject to scrutiny during legal proceedings. The information classification scheme safeguards knowledge. Failure to implement a records and data classification scheme leads to disaster.