CISA Certified Information Systems Auditor – Question0457

An information security manager is assisting in the development of the request for proposal (RFP) for a new outsourced service. This will require the third party to have access to critical business information. The security manager should focus PRIMARILY on defining:

A.
security requirements for the process being outsourced
B. security metrics
C. service level agreements (SLAs)
D. risk-reporting methodologies

Correct Answer: C