Certified Information Systems Auditor (CISA) — Question 850

Which of the following is the BEST way to ensure an organization's data classification policies are preserved during the process of data transformation?

Answer options

• A. Conduct a data discovery exercise across all business applications.
• B. Control access to extract, transform, and load (ETL) tools.
• C. Implement classification labels in metadata during data creation.
• D. Map data classification controls to data sets.

Correct answer: C

Explanation

The correct answer is C because implementing classification labels in metadata ensures that data is categorized correctly from the outset, preserving the classification throughout transformation. Options A and B do not directly address the preservation of classification during transformation, while D focuses on mapping controls rather than ensuring the classification itself is maintained.