CISM Certified Information Security Manager – Question1130 - CISM Certified Information Security Manager

The MOST important reason for formally documenting security procedures is to ensure:

A. processes are repeatable and sustainable.
B. alignment with business objectives.
C. auditability by regulatory agencies.
D. objective criteria for the application of metrics.

Correct Answer: A

Explanation:

Explanation:
Without formal documentation, it would be difficult to ensure that security processes are performed in the proper manner every time that they are performed. Alignment with business objectives is not a function of formally documenting security procedures. Processes should not be formally documented merely to satisfy an audit requirement. Although potentially useful in the development of metrics, creating formal documentation to assist in the creation of metrics is a secondary objective.