The IT function has declared that, when putting a new application into production, it is not necessary to update the business impact analysis (BIA) because it does not produce modifications in the business processes. The information security manager should:

A.
verify the decision with the business units.

B.
check the system’s risk analysis.

C.
recommend update after post implementation review.

D.
request an audit review.

Explanation:
Verifying the decision with the business units is the correct Answer because it is not the IT function’s responsibility to decide whether a new application modifies business processes Choice B does not consider the change in the applications. Choices C and D delay the update.