Which actions should you take first to ensure that you are compliant with Infosec policy?

Your company uses a whitelisting approach to manage third-party apps and add-ons. The Senior VP of Sales & Marketing has urgently requested access to a new Marketplace app that has not previously been vetted.

The company’s Information Security policy empowers you, as a Google Workspace admin, to grant provisional access immediately if all of the following conditions are met:

✑ Access to the app is restricted to specific individuals by request only.

✑ The app does not have the ability to read or manage emails.

✑ Immediate notice is given to the Infosec team, followed by the submission of a security risk analysis report within 14 days.

Which actions should you take first to ensure that you are compliant with Infosec policy?
A . Move the Senior VP to a sub-OU before enabling Marketplace Settings > “Allow Users to Install Any App from Google Workspace Marketplace.”
B . Confirm that the Senior VP’s OU has the following Gmail setting disabled before whitelisting the app: “Let users delegate access to their mailbox.”
C . Add the Marketplace app, then review the authorized scopes in Security > Manage API client access.
D . Search the Google Workspace support forum for feedback about the app to include in the risk analysis report.