An internal IS auditor discovers that a service organization did not notify its customers following a data breach.
Which of the following should the auditor do FIRST?
A . Notify audit management of the finding.
B . Report the finding to regulatory authorities.
C . Notify the service organization’s customers.
D . Require the service organization to notify its customers.
Answer: A
Latest CISA Dumps Valid Version with 2694 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund