Certified Information Security Manager (CISM) — Question 354

Which of the following BEST enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met?

Answer options

• A. Engaging external experts to provide guidance on changes in compliance requirements
• B. Assigning the operations manager accountability for meeting compliance requirements
• C. Embedding compliance requirements within operational processes
• D. Performing periodic audits for compliance with legal and regulatory requirements

Correct answer: C

Explanation

The correct answer, C, emphasizes the importance of integrating compliance into daily operations, ensuring it becomes part of the organizational culture. Options A and B may provide support but do not ensure ongoing compliance, while D, although useful, is reactive rather than proactive as it only checks compliance periodically.