A critical component of a continuous improvement program for information security is:

A.
measuring processes and providing feedback.

B.
developing a service level agreement (SLA) for security.

C.
tying corporate security standards to a recognized international standard.

D.
ensuring regulatory compliance.

Explanation:
If an organization is unable to take measurements that will improve the level of its safety program, then continuous improvement is not possible. Although desirable, developing a service level agreement (SLA) for security, tying corporate security standards to a recognized international standard and ensuring regulatory compliance are not critical components for a continuous improvement program.