Watch this video on YouTube
When an organization's marketing department wants to use an online collaboration service that does not comply with the information security policy, who should provide approval for risk acceptance?