Certified in Risk and Information Systems Control (CRISC) — Question 405

Which of the following is the MOST important step to ensure regulatory requirements are adequately addressed within an organization?

Answer options

• A. Employ IT solutions that meet regulatory requirements
• B. Perform a gap analysis against regulatory requirements
• C. Obtain necessary resources to address regulatory requirements
• D. Develop a policy framework that addresses regulatory requirements

Correct answer: D

Explanation

Developing a policy framework that addresses regulatory requirements is essential as it provides a structured approach for compliance and ensures all aspects of regulations are considered. While employing IT solutions, performing gap analyses, and obtaining resources are important, they are supplementary to having a comprehensive policy framework guiding these efforts.