Certified Information Systems Auditor (CISA) — Question 457

Which of the following is MOST important to ensure when reviewing a global organization's controls to protect data held on its IT infrastructure across all of its locations?

Answer options

• A. The capacity of underlying communications infrastructure in the host locations is sufficient.
• B. The threat of natural disasters in each location hosting infrastructure has been accounted for.
• C. Relevant data protection legislation and regulations for each location are adhered to.
• D. Technical capabilities exist in each location to manage the data and recovery operations.

Correct answer: C

Explanation

Ensuring compliance with relevant data protection legislation and regulations is critical as it protects the organization from legal penalties and reputational damage. While the other options address important aspects of infrastructure and risk management, they do not directly relate to the legal and regulatory responsibilities that must be prioritized in a global context.