Isaca Certified in Risk and Information Systems Control CRISC Question # 369 Topic 37 Discussion
CRISC Exam Topic 37 Question 369 Discussion:
Question #: 369
Topic #: 37
Which of the following requirements is MOST important to include in an outsourcing contract to help ensure sensitive data stored with a service provider is secure?
A.
A third-party assessment report of control environment effectiveness must be provided at least annually.
B.
Incidents related to data toss must be reported to the organization immediately after they occur.
C.
Risk assessment results must be provided to the organization at least annually.
D.
A cyber insurance policy must be purchased to cover data loss events.
The most important requirement to include in an outsourcing contract to help ensure sensitive data stored with a service provider is secure is a third-party assessment report of control environment effectiveness. This will help to verify that the service provider has implemented adequate security controls and practices to protect the data, and that they comply with the enterprise’s security policies and standards. A third-party assessment report also provides an independent and objective assurance of the service provider’s security posture and performance. Incidents related to data loss, risk assessment results, and cyber insurance policy are also important requirements to include in an outsourcing contract, but they are not as important as a third-party assessment report. References = Risk and Information Systems Control Study Manual, 7th Edition, Chapter 5, Section 5.2.1.2, page 2461
1: ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide, Answer to Question 643.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit