IAPP CIPM Exam - Topic 2 Question 95 Discussion

Actual exam question for IAPP's CIPM exam

Question #: 95
Topic #: 2

SCENARIO

Please use the following lo answer the next QUESTIO N:

The board risk committee of your organization is particularly concerned not only by the number and frequency of data breaches reported to it over the past 12 months, but also the inconsistency in responses and poor incident response turnaround times.

Upon reviewing the current incident response plan (IRP), it was discovered that while the business continuity plan (BCP) had been updated on time, the IRP, linked to BCP. was last updated over three years ago.

The board risk committee has noted this as high risk especially since company policy is to review and update policies and plans annually. Consequently, the newly appointed data protection officer (DPO) was requested to provide a paper on how she would remediate the situation.

As a seasoned data privacy professional, you have been requested to assist the new DPO.

Which additional proactive step listed below would best mitigate these risks in the future?

AMake the IRP a live document that is evaluated for completeness during each incident.

BMake copies of the IRP in various place so it can be accessed remotely or when offline.

CAdd comments about incidents to the IRP to record what action was taken.

DMake sure that everyone listed in the IRP has a copy of the IRP

Show Suggested Answer

Suggested Answer: A

by Brittani at Mar 07, 2026, 08:38 AM

Limited Time Offer

25%

2 months ago

I remember we discussed the importance of keeping the IRP updated regularly, but I'm not sure if making it a live document is the best approach.

upvoted 0 times

...