ISC2 Governance, Risk and Compliance (CGRC) Practice Question

A complete implementation strategy addresses four key planning components: resourcing (who will perform the work), timeline (when tasks will be executed), effectiveness (how success will be measured), and funding (how the effort will be paid for). In the scenario, resourcing (control owners), effectiveness (success metrics), and timeline (schedule) are already covered, leaving funding unaddressed. Securing and documenting the budget-including costs for tools, licenses, labor, and support-finalizes the plan. Identifying compensating controls is only necessary if baseline controls cannot be implemented, which has not been stated here. Defining a change-freeze window and creating unit-test scripts are useful deployment or testing activities but are not among the four core planning components required for the initial implementation strategy.