🔥 3-day streak
ISC2 CISSP — Certified Information Systems Security Professional41 / 129
Question 41 of 129

A hospital is deploying a new electronic health records (EHR) system. The Chief Medical Officer decides which staff roles may view patient records and sets the sensitivity level for the data. The IT operations team configures the database access control lists, runs nightly backups, and applies encryption at rest per policy. During an audit, a reviewer asks who is accountable for defining the appropriate protection requirements for the patient data. Which party holds this responsibility?

Reviewed for accuracy · Report an issueNext question