Certified in Risk and Information Systems Control (CRISC) — Question 955

An organization plans to implement a new Software as a Service (SaaS) speech-to-text solution. Which of the following is MOST important to mitigate risk associated with data privacy?

Answer options

• A. Multi-factor authentication is set up for users.
• B. The solution architecture is approved by IT.
• C. A risk transfer clause is included in the contract.
• D. Secure encryption protocols are utilized.

Correct answer: D

Explanation

Using secure encryption protocols is essential to protect sensitive data during transmission and storage, ensuring that unauthorized access is prevented. While multi-factor authentication, approval of the solution architecture, and risk transfer clauses are important security measures, they do not specifically address the core issue of safeguarding data privacy as effectively as encryption does.