Certified in Risk and Information Systems Control (CRISC) — Question 789
An organization has completed a risk assessment of one of its service providers. Who should be accountable for ensuring that risk responses are implemented?
Answer options
- A. IT risk practitioner
- B. The relationship owner
- C. Third-party security team
- D. Legal representation of the business
Correct answer: B
Explanation
The relationship owner is tasked with ensuring that the risk responses are carried out, as they maintain the overall responsibility for the relationship with the service provider. The IT risk practitioner may provide support and guidance, but they do not directly oversee the implementation. The third-party security team is involved in security measures, while legal representation focuses on compliance and contractual obligations, but neither has the direct accountability for risk response execution.