CISA Certified Information Systems Auditor – Question2105

Which of the following would be the FIRST step to help ensure the necessary regulatory requirements are addressed in an organization’s cross-border data protection policy?

A.
Conduct a risk assessment
B. Perform a gap analysis
C. Conduct stakeholder interviews
D. Perform a business impact analysis

Correct Answer: B