Certified Information Systems Auditor (CISA) — Question 44

A new privacy regulation requires a customer's privacy information to be deleted within 72 hours, if requested. Which of the following would be an IS auditor's
GREATEST concern regarding compliance to this regulation?

Answer options

• A. Outdated online privacy policies
• B. End user access to applications with customer information
• C. Incomplete backup and retention policies
• D. Lack of knowledge of where customers' information is saved

Correct answer: D

Explanation

The correct answer is D because if an organization does not know where customer information is stored, it cannot ensure timely deletion as required by the regulation. While the other options are concerns, they do not directly impede the ability to comply with the 72-hour deletion requirement.