Certified Information Systems Auditor (CISA) — Question 341

Before the release of a new application into an organization's production environment, which of the following should be in place to ensure that proper testing has occurred and rollback plans are in place?

Answer options

• A. Independent third-party approval
• B. Standardized change requests
• C. Secure code review
• D. Change approval board

Correct answer: D

Explanation

The correct answer is D, as a Change Approval Board is responsible for reviewing and approving changes to ensure that all testing has been completed and that rollback plans are ready. Options A, B, and C, while important in their own contexts, do not specifically address the need for a formal approval process that includes both testing verification and rollback preparations.