ISACA Advanced in AI Security Management (AAISM) Exam: Question #69, Topic 7 Discussion
Question #: 69
Topic #: 7
An organization is adopting an agentic AI solution from an external vendor to support internal IT operations. Which of the following provides the MOST reliable and independently verifiable evidence of implemented security controls?
AAISM states that when evaluating external AI vendors, independently issued third-party audit reports (SOC, ISO, AI assurance assessments) provide the strongest evidence of implemented controls because they are objective, repeatable, and externally verified.
Peer reviews (A) lack formality, internal red-team reports (C) are non-independent, and whitepapers (D) are marketing documents without assurance value.
References: AAISM Study Guide – Third-Party AI Risk Management; Independent Assurance and Audit Requirements.