Certified Information Systems Auditor (CISA) — Question 709

An organization is enhancing the security of a client-facing web application following a proposal to acquire personal information for a business purpose. Which of the following is MOST important to review before implementing this initiative?

Answer options

• A. Data ownership assignments
• B. Regulatory compliance requirements
• C. Customer notification procedures
• D. Encryption capabilities

Correct answer: B

Explanation

The correct answer is B, as regulatory compliance requirements are crucial to ensure the organization adheres to laws and regulations governing the collection and processing of personal information. While data ownership, customer notification, and encryption are important, they do not directly address the legal obligations that could impact the organization's operations and liability.