Certified in Risk and Information Systems Control (CRISC) — Question 754

Which of the following is the BEST way to determine software license compliance?

Answer options

• A. Conduct periodic compliance reviews.
• B. List non-compliant systems in the risk register.
• C. Monitor user software download activity.
• D. Review whistleblower reports of noncompliance.

Correct answer: A

Explanation

Conducting periodic compliance reviews is the best approach because it allows for systematic evaluations of software usage against licensing agreements. Listing non-compliant systems, monitoring downloads, and reviewing whistleblower reports may help identify issues, but they are not comprehensive methods for ensuring overall compliance.