An IS auditor is unable to directly test privacy controls for a client’s cloud-based application. The MOST effective alternative to direct testing is to review:
A. the provider’s internal audit reports.
B. the provider’s statement of assurance.
C. formal privacy certification.
D. independent audit reports.
A. the provider’s internal audit reports.
B. the provider’s statement of assurance.
C. formal privacy certification.
D. independent audit reports.