Because regulatory compliance is a significant effort, some organizations engage full-time teams to collect, review, and report in an attempt to demonstrate that regulations are being followed. However, creating these full-time teams redirects business protection resources needlessly. A better strategy is to create an IT policies framework that defines security controls that aligns with policies and regulations.

A) True
B) False