nerdexam
Isaca

CDPSE · Question #25

During which of the following system lifecycle stages is it BEST to conduct a privacy impact assessment (PIA) on a system that holds personal data?

The correct answer is B. Development. A PIA is most effective when conducted during development because privacy controls can be designed and built into the system (Privacy by Design) rather than retrofitted later at much greater cost and complexity. Identifying risks early allows architects and developers to make str

Privacy Architecture

Question

During which of the following system lifecycle stages is it BEST to conduct a privacy impact assessment (PIA) on a system that holds personal data?

Options

  • AFunctional testing
  • BDevelopment
  • CProduction
  • DUser acceptance testing (UAT)

How the community answered

(28 responses)
  • A
    4% (1)
  • B
    93% (26)
  • D
    4% (1)

Explanation

A PIA is most effective when conducted during development because privacy controls can be designed and built into the system (Privacy by Design) rather than retrofitted later at much greater cost and complexity. Identifying risks early allows architects and developers to make structural changes before code is finalized. Conducting a PIA during functional testing, UAT, or production means the system architecture is already fixed - any privacy risks discovered would require expensive rework or be left unmitigated. Regulators (e.g., GDPR Article 35) also expect PIAs to occur before processing begins, reinforcing development as the correct stage.

Topics

#Privacy Impact Assessment (PIA)#System Development Life Cycle (SDLC)#Privacy by Design#Privacy Risk Management

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice