Certified Information Systems Auditor (CISA) — Question 523

What would be an IS auditor's BEST recommendation upon finding that a third- party IT service provider hosts the organization's human resources (HR) system in a foreign country?

Answer options

• A. Review third-party audit reports.
• B. Conduct a privacy impact analysis.
• C. Implement change management review.
• D. Perform background verification checks.

Correct answer: B

Explanation

The correct answer is B, as a privacy impact analysis helps assess the implications of hosting sensitive HR data in a foreign country and ensures compliance with relevant privacy laws. The other options, while important for overall security and governance, do not specifically address the privacy concerns related to data residency and international laws.