The IT function has declared that, when putting a new application into production, it is not
necessary to update the business impact analysis (BIA) because it does not produce modifications
in the business processes. The information security manager should:

A.
verify the decision with the business units.

B.
check the system’s risk analysis.

C.
recommend update after post implementation review.

D.
request an audit review.

Explanation:

Verifying the decision with the business units is the correct answer because it is not the IT
function’s responsibility to decide whether a new application modifies business processes Choice
B does not consider the change in the applications. Choices C and D delay the update.