Certified in Risk and Information Systems Control (CRISC) — Question 1124

Which of the following is the MOST important document regarding the treatment of sensitive data?

Answer options

• A. Organization risk profile
• B. Digital rights management policy
• C. Information classification policy
• D. Encryption policy

Correct answer: C

Explanation

The Information classification policy is essential because it categorizes data based on its sensitivity and outlines how it should be treated. The other options, while important, do not specifically address the treatment protocols for sensitive data like the classification policy does.