Certified in Risk and Information Systems Control (CRISC) — Question 603

Of the following, whose input is ESSENTIAL when developing risk scenarios for the implementation of a third-party mobile application that stores customer data?

Answer options

• A. Business process owner
• B. IT vendor manager
• C. Information security manager
• D. IT compliance manager

Correct answer: A

Explanation

The input from the Business process owner is vital because they have a comprehensive understanding of the operational processes and how the mobile application will affect them. While the IT vendor manager, Information security manager, and IT compliance manager all play important roles, their perspectives are secondary to the foundational insights provided by the business process owner regarding the specific risks involved.