Certified Information Systems Auditor (CISA) — Question 86
Which of the following is the MOST important consideration for an organization when strategizing to comply with privacy regulations?
Answer options
- A. Ensuring up-to-date knowledge of where customer personal data is saved.
- B. Ensuring there are staff members with in-depth knowledge of the regulations.
- C. Ensuring regular access recertification to information systems.
- D. Ensuring contracts with third parties that process customer data are regularly updated.
Correct answer: A
Explanation
The most critical aspect is knowing where customer personal data is stored, as this directly impacts compliance with privacy regulations. While knowledgeable staff, regular access recertification, and updated contracts are important, they all hinge on a fundamental understanding of where the data is located and how it is managed.