What should management do FIRST to address the risk of noncompliance?

December 16, 2021 by Admin

An IS audit of an organization’s data classification policies finds some areas of the policies may not be up-to-date with new data privacy regulations. What should management do FIRST to address the risk of noncompliance?

  • Conduct a privacy impact assessment to identify gaps
  • Reclassify information based on revised information classification labels
  • Mandate training on the new privacy regulations
  • Perform a data discovery exercise to identify all personal data

Leave a Reply