Certified Information Systems Auditor (CISA) — Question 402
Which of the following approaches would BEST ensure that data protection controls are embedded into software being developed?
Answer options
- A. Utilizing a data protection template for user acceptance testing (UAT)
- B. Implementing a quality assurance (QA) process during the development phase
- C. Deriving data protection requirements from key stakeholders
- D. Tracking data protection requirements throughout the SDLC
Correct answer: D
Explanation
D is correct because tracking data protection requirements consistently across the Software Development Life Cycle (SDLC) ensures they are met at every stage. Options A, B, and C are useful, but each focuses on an isolated phase or aspect rather than the entire development process, so none is as comprehensive as D.