CompTIA CASP+ (CAS-003) — Question 141

An organization is preparing to develop a business continuity plan. The organization is required to meet regulatory requirements relating to confidentiality and availability, which are well-defined. Management has expressed concern following initial meetings that the organization is not fully aware of the requirements associated with the regulations. Which of the following would be MOST appropriate for the project manager to solicit additional resources for during this phase of the project?

Answer options

• A. After-action reports
• B. Gap assessment
• C. Security requirements traceability matrix
• D. Business impact assessment
• E. Risk analysis

Correct answer: B

Explanation

A Gap assessment is essential as it identifies the discrepancies between current practices and regulatory requirements, helping the organization understand what is lacking. The other options, while useful, do not specifically address the need to evaluate compliance with regulations in this context, making them less appropriate for the project manager's immediate needs.