To ensure an organization is complying with privacy requirements, an IS auditor should FIRST review: 
A、the IT infrastructure. 
B、organizational policies, standards and procedures. 
C、legal and regulatory requirements. 
D、the adherence to organizational policies, standards and procedures.