Which of the following ensures that updates to policies, procedures, and configurations are made
in a controlled and documented fashion?
A.
Regulatory compliance
B.
Peer review
C.
Change management
D.
Penetration testing
You must be logged in to post a comment.
a
A is incorrect. C is the correct answer. This a topic in CISSP as well, which I just passed. This is Change Management.
A has to do with being compliant with regulations such as HIPAA and SOX. Nothing with documenting changes to the policies themselves.