CISA Certified Information Systems Auditor – Question0038

An IS auditor is evaluating the completeness of privacy procedures involving personally identifiable information (PII). Which of the following is MOST important for the auditor to verify is included in the procedures?

A. Regulatory requirements for protecting PII
B. The organization’s definition of PII
C. Encryption requirements for transmitting PII externally
D. A description of how PII is masked within key systems

Correct Answer: A