Which option best describes a key focus of administrative safeguards in risk management?

Administrative safeguards center on governance—the policies, procedures, and people-driven processes that shape how risk is managed. This focus means creating and enforcing security policies, assigning security responsibilities, providing workforce training, establishing incident response procedures, and planning for contingencies. All of these elements set the rules and standards for behavior and operations, ensuring consistent security practices across the organization. Technical controls are about technology-based protections like encryption, access control systems, and authentication methods. Physical barriers protect the environment (locks, guards, secured facilities). Detective controls are mechanisms that identify and alert after an event occurs (logging, monitoring, audits). The question asks for the primary focus of administrative safeguards, which is best described by the governance and procedural aspects rather than the actual technologies, physical measures, or post-event detection.