You are the IT manager in Bluewell Inc. You identify a new regulation for safeguarding the
information processed by a specific type of transaction. What would be the FIRST action you will
take?

A.
Assess whether existing controls meet the regulation

B.
Update the existing security privacy policy

C.
Meet with stakeholders to decide how to comply

D.
Analyze the key risk in the compliance process

Explanation:

When a new regulation for safeguarding information processed by a specific type of transaction is
being identified by the IT manager, then the immediate step would be to understand the impact
and requirements of this new regulation. This includes assessing how the enterprise will comply
with the regulation and to what extent the existing control structure supports the compliance
process. After that manager should then assess any existing gaps.
subsequent steps after understanding and gap assessment.