An internal IS auditor discovers that a service organization did not notify its customers following a data breach. Which of the following should the auditor do FIRST?

December 17, 2021 by Admin

An internal IS auditor discovers that a service organization did not notify its customers following a data breach. Which of the following should the auditor do FIRST?

  • Notify audit management of the finding.
  • Report the finding to regulatory authorities.
  • Notify the service organization’s customers.
  • Require the service organization to notify its customers.

Leave a Reply