Certified Information Security Manager (CISM) — Question 811
Which of the following MOST effectively identifies issues related to noncompliance with legal, regulatory, and contractual requirements?
Answer options
- A. Compliance maturity assessment
- B. Compliance benchmarking data
- C. Compliance gap analysis
- D. Independent compliance audit
Correct answer: D
Explanation
An independent compliance audit is designed to thoroughly assess and identify compliance issues, providing an objective review of adherence to legal and regulatory standards. In contrast, a compliance maturity assessment evaluates the organization's compliance processes, compliance benchmarking data compares performance against others, and a compliance gap analysis identifies discrepancies but may not fully uncover underlying issues.