An organization is planning for an upcoming Payment Card Industry Data Security Standard (PCI DSS) audit and wants to ensure that only relevant files are included in the audit materials. Which process should the organization use to ensure that the relevant files are identified?

Anonymization involves removing or altering personal identifiers from data so that individuals cannot be readily identified. While this process is crucial for protecting sensitive information, it does not assist in identifying relevant files for a PCI DSS audit. Anonymization focuses on privacy rather than file relevance.

Tokenization replaces sensitive data with non-sensitive equivalents (tokens) that retain essential information without compromising security. Although it is a significant security measure for protecting payment card information, it does not facilitate the identification of files required for an audit, as it focuses on data protection instead.

Normalization is a process primarily used in database design to reduce redundancy and improve data integrity. While it can enhance data organization, it does not specifically address the identification of relevant files for a PCI DSS audit, making it an unsuitable option for this purpose.