Certified in Risk and Information Systems Control (CRISC) — Question 940

Who is the BEST person to authorize access privileges to database tables for an application system used to process employee personal data?

Answer options

• A. Compliance manager
• B. Data privacy manager
• C. System administrator
• D. Human resources (HR) manager

Correct answer: D

Explanation

The Human Resources (HR) manager is best positioned to authorize access privileges to database tables containing employee personal data, as they are directly responsible for managing employee information. The compliance manager and data privacy manager focus on regulatory adherence and data protection, while the system administrator typically handles technical access rather than policy-based decisions regarding sensitive data.