Certified Information Systems Auditor (CISA) — Question 872

An organization has just created a new data classification scheme and needs to define how it will operate within the organization. What should be the NEXT step?

Answer options

• A. Create a list of all data owners and custodians.
• B. Create a set of standards and procedures.
• C. Hire a specialized auditor to assess the implementation.
• D. Conduct workshops for each business unit.

Correct answer: B

Explanation

The correct answer, B, is essential because creating standards and procedures ensures that the classification scheme is effectively implemented and followed throughout the organization. While creating a list of data owners (A) and conducting workshops (D) are important, they are not as critical as establishing the operational guidelines. Hiring an auditor (C) might be necessary later, but it is not the immediate next step.