A risk practitioner has identified that the organization’s secondary data center does not provide redundancy for a critical application. Who should have the authority to accept the associated risk?

A. Business continuity director
B. Business application owner
C. Disaster recovery manager
D. Data center manager