Which of the following is MOST important for an information security manager to ensure when evaluating change requests? 

Answer options:

A. Requests are approved by process owners.
B. Requests add value to the business.
C. Residual risk is within risk tolerance.
D. Contingency plans have been created.

D