A Chief Information Security Officer (CISO) is evaluating the company`s security management program. The CISO needs to locate all the assets with identified deviations and mitigation measures. Which of the following would help the CISO with these requirements? 

Answer options:

A. An SLA document
B. A DR plan
C. SOC procedures
D. A risk register

C