SCENARIO

Please use the following lo answer the next question:

The board risk committee of your organization is particularly concerned not only by the number and frequency of data breaches reported to it over the past 12 months, but also the inconsistency in responses and poor incident response turnaround times.

Upon reviewing the current incident response plan (IRP), it was discovered that while the business continuity plan (BCP> had been updated on time, the IRP, linked to BCP. was last updated over three years ago.

The board risk committee has noted this as high risk especially since company policy is to review and update policies and plans annually. Consequently, the newly appointed data protection officer (DPO) was requested to provide a paper on how she would remediate the situation.

As a seasoned data privacy professional, you have been requested to assist the new DPO.

Your first recommendation in addressing the board risk committee's concerns is to?