Certified Information Systems Auditor (CISA) — Question 1387

Following significant business model changes, which of the following is the MOST important consideration when updating the IT policy?

Answer options

• A. The policy is endorsed by IT leadership.
• B. The policy is compliant with relevant laws and regulations.
• C. The policy is integrated into job descriptions.
• D. The policy is aligned with industry standards and best practice.

Correct answer: B

Explanation

The correct answer, B, emphasizes the necessity for the policy to comply with laws and regulations, which is vital to avoid legal issues. While endorsement by leadership, integration into job descriptions, and alignment with industry standards are important, they do not hold the same level of critical importance as legal compliance.