CRISC Certified in Risk and Information Systems Control – Question110

You are the IT manager in Bluewell Inc. You identify a new regulation for safeguarding the information processed by a specific type of transaction. What would be the FIRST action you will take?

A.
Assess whether existing controls meet the regulation
B. Update the existing security privacy policy
C. Meet with stakeholders to decide how to comply
D. Analyze the key risk in the compliance process

Correct Answer: A

Explanation:

Explanation:
When a new regulation for safeguarding information processed by a specific type of transaction is being identified by the IT manager, then the immediate step would be to understand the impact and requirements of this new regulation. This includes assessing how the enterprise will comply with the regulation and to what extent the existing control structure supports the compliance process. After that manager should then assess any existing gaps.
Incorrect Answers: B, C, D: These choices are appropriate as well as important, but are subsequent steps after understanding and gap assessment.