An information security manager is asked to provide evidence that the organization is fulfilling its legal obligation to protect personally identifiable information (PII). Which of the following would be MOST helpful for this purpose?
A. Metrics related to program effectiveness
B. Written policies and standards
C. Privacy awareness training
D. Risk assessments of privacy-related applications
A. Metrics related to program effectiveness
B. Written policies and standards
C. Privacy awareness training
D. Risk assessments of privacy-related applications