An IS auditor finds that a mortgage origination team receives customer mortgage applications via a shared repository. Which of the following test procedures is the BEST way to assess whether there are adequate privacy controls over this process? 

Answer options:

A. Validate whether the encryption is compliant with the organization`s requirements.
B. Validate that data is entered accurately and timely.
C. Validate whether documents are deleted according to data retention procedures.
D. Validate whether complex passwords are required.

A