Who Should Authorize Offline Implementation of Mission-Critical Application? | CISA Exam Preparation

D.

The correct answer is D. Business process owner.

When it comes to taking a mission-critical application offline to implement a new release and configuration, it is important to ensure that the process is authorized by the appropriate individual or group. In this case, the person who should authorize the project management team's request to take the application offline is the business process owner.

The business process owner is responsible for the overall performance of the business process and is in a position to understand the potential impact of taking the application offline. The business process owner can evaluate the risks associated with the downtime and assess the potential impact on business operations, stakeholders, and customers. The business process owner can also determine the appropriate timing for the downtime and coordinate with other departments or stakeholders as needed.

The other answer options are not suitable for authorizing the project management team's request. The CISO is responsible for ensuring the security of the organization's information systems and data, but their role may not necessarily extend to authorizing specific application downtime. The project manager is responsible for managing the project but may not have the authority to authorize application downtime. The application administrator is responsible for managing the application but may not have the authority to authorize application downtime outside of regular maintenance schedules.

In summary, the business process owner is the most suitable person to authorize the project management team's request to take a mission-critical application offline to implement a new release and configuration, as they have the necessary knowledge and authority to assess the impact of the downtime on business operations and stakeholders.