The internal audit team determines a software application is no longer in scope for external reporting requirements. Which of the following will confirm management’s perspective that the application is no longer applicable?
Acknowledgement and attestation involve formal confirmation that an application is no longer in scope for compliance, auditing, or reporting requirements. This typically includes documentation signed by relevant stakeholders confirming that the software no longer processes, stores, or transmits relevant data.
Data inventory and retention (A) is related to managing data assets, not software scope confirmation.
Right to be forgotten (B) pertains to privacy laws (e.g., GDPR), allowing individuals to request data deletion.
Due care and due diligence (C) focus on security best practices rather than software applicability.
[Reference: CompTIA Security+ SY0-701 Official Study Guide, Security Program Management and Oversight domain.]