ISACA Exam Questions

Which of the following would BEST prepare an information security manager for regulatory reviews?

A. Assign an information security administrator as regulatory liaison

B. Perform self-assessments using regulatory guidelines and reports

C. Assess previous regulatory reports with process owners' input

D. Ensure all regulatory inquiries are sanctioned by the legal department

Explanation:

Self-assessments provide the best feedback on readiness and permit identification of items requiring remediation. Directing regulators to a specific person or department, or assessing previous reports, is not as effective. The legal department should review all formal inquiries, but this does not help prepare for a regulatory review.