C. Sharing

By outsourcing the critical application, the organization is actively avoiding the risks associated with the scarcity of specialized resources internally. This approach allows the organization to mitigate potential challenges and focus on its core competencies while relying on external expertise to manage the critical application.

When an organization decides to outsource a critical application due to a lack of specialized resources, it has adopted the risk response of sharing. Sharing involves transferring or outsourcing a portion or all of the risk to another party. In this case, the organization is sharing the responsibility for the critical application with an external service provider. In the context of outsourcing a critical application, the organization has chosen to share the risk by relying on external expertise and resources through outsourcing.

C. Sharing By outsourcing the critical application, the organization is sharing the risk with the third-party service provider. This means that the responsibility for the application's performance and security is partially transferred to the outsourcing partner, reducing the organization's exposure to the risk associated with the lack of specialized resources.

sharing is the answer. 'avoidance' means eliminating the exposure, e.g. cancelling the operations entirely

C: Sharing

Risk Sharing is where risk is transferred to third parties ie insurance companies or vendors