🔥 3-day streak
ISC2 CISSP — Certified Information Systems Security Professional35 / 129
Question 35 of 129

A hospital is rolling out a new patient-portal system that stores electronic health records. Leadership asks who should be formally accountable for assigning the classification level of the patient data and approving who may access it. The IT infrastructure team manages the servers and encryption, while the compliance office monitors regulatory requirements. Which party should hold this accountability?

Reviewed for accuracy · Report an issueNext question