Which of the following is the BEST evidence that an organization`s information security governance framework is effective? 

Answer options:

A. Threats to the organization have diminished.
B. The risk register is reviewed annually.
C. The framework focuses primarily on technical controls.
D. The framework can adapt to organizational changes.

A