Certified Governance Risk and Compliance (CGRC) Practice Exam 2025 - Free CGRC Practice Questions and Study Guide

The correct choice highlights the nature of an Issue-Specific Policy, which is designed to tackle particular areas or concerns that an organization faces. These policies are crafted to address specific risks, compliance requirements, or operational needs that may arise within the organization. For instance, an Issue-Specific Policy might focus on data protection practices, acceptable use of technology, or incident response procedures tailored to unique threats or regulatory obligations relevant to the organization.

This type of policy enables organizations to create focused guidelines that respond directly to pressing issues, helping employees understand their roles and responsibilities in maintaining security based on that specific concern. By having policies that address specific issues, organizations can ensure that they are managing risks effectively and aligning their security posture with both their operational needs and legal requirements.

Other options like Program Policy typically offer broader governance frameworks, System-Specific Policy is designed for security measures related to particular systems, and Informative Policy often focuses on raising awareness or educating employees rather than addressing specific issues. Thus, an Issue-Specific Policy stands out as the targeted approach to managing specific concerns within an organization.