CISSP – Information Systems Security Engineering Professional (ISSEP) — Question 8

Which of the following professionals is responsible for starting the Certification & Accreditation (C&A) process

Answer options

• A. Authorizing Official
• B. Information system owner
• C. Chief Information Officer (CIO)
• D. Chief Risk Officer (CRO)

Correct answer: B

Explanation

The Information system owner is responsible for starting the Certification & Accreditation (C&A) process as they manage the system and ensure it meets required standards. The Authorizing Official, CIO, and CRO have roles in oversight and risk management, but they do not initiate the C&A process.