CISA Certified Information Systems Auditor – Question0033

An organization is considering outsourcing the processing of customer insurance claims. An IS auditor notes that customer data will be sent offshore for processing. Which of the following would be the BEST way to address the risk of exposing customer data?

A.
Require background checks on all service provider personnel involved in the processing of data.
B. Recommend the use of a service provider within the same country as the organization.
C. Consider whether the service provider has the ability to meet service level agreements (SLAs).
D. Assess whether the service provider meets the organization’s data protection policies.

Correct Answer: D