Vendor management focuses on the oversight of third-party providers. This includes ensuring they meet security standards, contractual obligations, and comply with relevant regulations. Requiring implementation and management of security controls is a key part of this process.
Let's look at why the other options are less suitable:
Disaster recovery is about restoring services after an outage. While security is important in disaster recovery, it's not the primary focus of requiring security controls in third-party services.
Security governance is a broader framework of policies and processes for managing organizational security. While vendor management falls under it, it's not the specific aspect highlighted in the question.
Compliance management ensures adherence to laws and regulations. It's related to vendor management, but the question focuses specifically on the ability to require security controls, which is a vendor management function.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit