CompTIA CASP+ Test 2025 – 400 Free Practice Questions to Pass the Exam

The business requirements document is ideal for capturing security requirements during a CRM replacement project because it outlines the overarching goals and needs of the business, including security aspects. This document serves as a bridge between the stakeholders and the technical team, ensuring that all necessary functionality, including security measures, aligns with the broader business objectives.

Specifically, the business requirements document not only details functional requirements but also can include non-functional requirements, such as security, compliance, and privacy expectations. As stakeholders communicate their needs, security considerations can be clearly defined and prioritized, making it easier to design a CRM system that meets both operational and security goals.

While the technical specifications document focuses more on the technical implementation details and the risk management plan addresses potential risks, these do not inherently capture the security needs at the level of understanding required by stakeholders. The project charter outlines the project's purpose and scope but is typically more strategic and does not go into the specific detail needed for security requirements. Thus, for effectively understanding and documenting security needs, the business requirements document is the most suitable choice.