CISA Certified Information Systems Auditor – Question0493

Which of the following should be an IS auditor’s PRIMARY consideration when evaluating the development and design of a privacy program?

A.
Data governance and data classification procedures
B. Policies and procedures consistent with privacy guidelines
C. Industry practice and regulatory compliance guidance
D. Information security and incident management practices

Correct Answer: C