U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

IAPP CIPM Exam - Topic 2 Question 95 Discussion

SCENARIOPlease use the following lo answer the next QUESTIO N:The board risk committee of your organization is particularly concerned not only by the number and frequency of data breaches reported to it over the past 12 months, but also the inconsistency in responses and poor incident response turnaround times.Upon reviewing the current incident response plan (IRP), it was discovered that while the business continuity plan (BCP) had been updated on time, the IRP, linked to BCP. was last updated over three years ago.The board risk committee has noted this as high risk especially since company policy is to review and update policies and plans annually. Consequently, the newly appointed data protection officer (DPO) was requested to provide a paper on how she would remediate the situation.As a seasoned data privacy professional, you have been requested to assist the new DPO.Which additional proactive step listed below would best mitigate these risks in the future?
A) Make the IRP a live document that is evaluated for completeness during each incident.
B) Make copies of the IRP in various place so it can be accessed remotely or when offline.
C) Add comments about incidents to the IRP to record what action was taken.
D) Make sure that everyone listed in the IRP has a copy of the IRP

IAPP CIPM Exam - Topic 2 Question 95 Discussion

Actual exam question for IAPP's CIPM exam
Question #: 95
Topic #: 2
[All CIPM Questions]

SCENARIO

Please use the following lo answer the next QUESTIO N:

The board risk committee of your organization is particularly concerned not only by the number and frequency of data breaches reported to it over the past 12 months, but also the inconsistency in responses and poor incident response turnaround times.

Upon reviewing the current incident response plan (IRP), it was discovered that while the business continuity plan (BCP) had been updated on time, the IRP, linked to BCP. was last updated over three years ago.

The board risk committee has noted this as high risk especially since company policy is to review and update policies and plans annually. Consequently, the newly appointed data protection officer (DPO) was requested to provide a paper on how she would remediate the situation.

As a seasoned data privacy professional, you have been requested to assist the new DPO.

Which additional proactive step listed below would best mitigate these risks in the future?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Brittani at Mar 07, 2026, 08:38 AM

Limited Time Offer

25%

Off

Get Premium CIPM Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Ciara
1 month ago
Surprised the IRP hasn't been updated in 3 years! That's risky.
upvoted 0 times
...
Kanisha
1 month ago
I disagree, D) seems more practical. Everyone needs access!
upvoted 0 times
...
Jeniffer
2 months ago
A) is the best choice! Keeping it live is crucial.
upvoted 0 times
...
Stevie
2 months ago
D) is essential, everyone needs to be on the same page.
upvoted 0 times
...
Mitsue
2 months ago
Wait, how did the IRP go three years without an update? That's wild!
upvoted 0 times
...
Lashaunda
2 months ago
C) is a good idea too, but it won't solve the main issue.
upvoted 0 times
...
Gregoria
2 months ago
I don't know, B) seems more practical for accessibility.
upvoted 0 times
...
Vernice
2 months ago
A) is the best choice! Keeping it updated is crucial.
upvoted 0 times
...
Charolette
3 months ago
I recall that making the IRP a live document was emphasized in our last session. It might help with the turnaround times, but I’m not entirely clear on how that would work in practice.
upvoted 0 times
...
Wilda
3 months ago
Adding comments about incidents sounds familiar. I feel like it could help track improvements, but I’m not confident it addresses the root of the problem.
upvoted 0 times
...
Carma
3 months ago
I think we had a practice question about ensuring everyone has access to the IRP. It seems crucial, but I wonder if just having copies is enough.
upvoted 0 times
...
Mitsue
3 months ago
I remember we discussed the importance of keeping the IRP updated regularly, but I'm not sure if making it a live document is the best approach.
upvoted 0 times
...

Save Cancel