Certified Information Systems Auditor (CISA) — Question 465

When developing customer-facing IT applications, in which stage of the system development life cycle (SLC) MOST beneficial to consider data privacy principles?

Answer options

• A. User acceptance testing (UAT)
• B. Systems design and architecture
• C. Requirements definition
• D. Software selection and acquisition

Correct answer: C

Explanation

The correct answer is C, as the requirements definition stage is crucial for identifying the data privacy needs and regulations that must be adhered to throughout the development process. Addressing these principles later in the UAT or design phases may lead to complications or non-compliance issues that could have been avoided if considered from the beginning.