To ensure an organization is complying with privacy requirements, an IS auditor should FIRST review:
A、the IT infrastructure.
B、organizational policies, standards and procedures.
C、legal and regulatory requirements.
D、the adherence to organizational policies, standards and procedures.