When is it allowable not to include a specific external influence in your policy development?

When developing a security policy, it is important to include many influences such as internal requirements, governmental regulations, and industry standards.

When is it allowable not to include a specific external influence in your policy development?
A . When there is little to no chance of being audited for compliance
B . When your organization is not part of the applicable audience of the external policy influence
C . When implementing wireless devices without the knowledge of the governing body that developed the external policy
D . When adherence to the external regulation or standard is cost prohibitive

Answer: B

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments