CompTIA SecurityX (CAS-005) — Question 279

An organization is required to:

• Respond to internal and external inquiries in a timely manner.
• Provide transparency.
• Comply with regulatory requirements.

The organization has not experienced any reportable breaches but wants to be prepared if a breach occurs in the future. Which of the following is the best way for the organization to prepare?

Answer options

• A. Outsourcing the handling of necessary regulatory filings to an external consultant
• B. Integrating automated response mechanisms into the data subject access request process
• C. Developing communication templates that have been vetted by internal and external counsel
• D. Conducting lessons-learned activities and integrating observations into the crisis management plan

Correct answer: C

Explanation

Option C is correct because having vetted communication templates ensures that the organization can respond effectively and consistently to inquiries during a breach. The other options, while beneficial, do not directly address the need for prepared communication strategies that meet transparency and compliance requirements.