CompTIA CASP+ (CAS-004) — Question 504

An external auditor noted that a company made changes to the core product and infrastructure that were not documented and approved. The management team must respond to this exception and create a plan to avoid this situation. Which of the following would best prevent recurrence?

Answer options

• A. Revising the change control policy to make sure all changes are documented
• B. Leveraging an enterprise resource planning tool to track changes
• C. Designating a change manager to approve all changes that needs to be made
• D. Using a customer relationship management tool to document production changes

Correct answer: A

Explanation

Revising the change control policy ensures that all changes are formally documented and approved, which is crucial for maintaining compliance and accountability. The other options, while potentially helpful, do not address the fundamental need for a robust policy that mandates documentation and approval for all changes.