ISACA Advanced in AI Security Management (AAISM) Exam: Question #11, Topic 2 Discussion
Question #: 11
Topic #: 2
An organization decides to contract a vendor to implement a new set of AI libraries. Which of the following is MOST important to address in the master service agreement to protect data used during the AI training process?
AAISM emphasizes that the right to audit is the most critical contractual safeguard when outsourcing AI services. This allows the contracting organization to independently verify that the vendor is applying appropriate protections to training data, meeting compliance obligations, and upholding privacy requirements. Pseudonymization is a technical method, monitoring is operational, and certifications provide external assurance, but none give the direct, enforceable oversight that audit rights provide. In vendor contracts, the right to audit is the primary safeguard for data protection and governance.
References: AAISM Study Guide – AI Governance and Program Management (Third-Party Contracts and Audit Rights); ISACA AI Security Management – Vendor Governance Controls