What should an IS auditor evaluate FIRST when reviewing an organization's response to new privacy legislation?
This is according to the ISACA's IS Auditing Guideline G14 on Privacy and Data Protection, which states that an IS auditor should first evaluate the organization's ability to identify and assess the systems that contain privacy components, and then review the adequacy of the operational plan for achieving compliance with the legislation.
Currently there are no comments in this discussion, be the first to comment!