CISA Certified Information Systems Auditor – Question0073

An IS auditor is conducting a review of a healthcare organization’s IT policies for handling medical records. Which of the following is MOST important to verify?

A.
A documented policy approval process is in place
B. Policy writing standards are consistent
C. The policies comply with regulatory requirements
D. IT personnel receive ongoing policy training

Correct Answer: C