Certified in Risk and Information Systems Control (CRISC) — Question 984
Which stakeholder is MOST important to include when defining a risk profile during the selection process for a new third-party application?
Answer options
- A. The information security manager
- B. The third-party risk manager
- C. The application vendor
- D. The business process owner
Correct answer: D
Explanation
The business process owner is essential because they understand the specific needs and risks associated with the application in the context of the business. While the other stakeholders, such as the information security manager and the third-party risk manager, provide valuable input, they may not fully grasp the operational implications of the application as well as the business process owner does.