An information security assessor for an organization finished an assessment that identified critical issues with
the human resource new employee management software application. The assessor submitted the report to
senior management but nothing has happened. Which of the following would be a logical next step?
A.
Meet the two key VPs and request a signature on the original assessment.
B.
Include specific case studies from other organizations in an updated report.
C.
Schedule a meeting with key human resource application stakeholders.
D.
Craft an RFP to begin finding a new human resource application.