Certified Information Systems Auditor (CISA) — Question 82

Which of the following should be the FIRST step to successfully implement a corporate data classification program?

Answer options

• A. Check for the required regulatory requirements.
• B. Select a data loss prevention (DLP) protocol.
• C. Confirm that adequate resources are available for the project.
• D. Approve a data classification policy.

Correct answer: A

Explanation

The correct answer is A, as understanding regulatory requirements is crucial for guiding the data classification program and ensuring compliance. Without this foundational knowledge, the other steps may not align with necessary legal obligations. Options B, C, and D are important but should follow the establishment of regulatory understanding.