CISA Certified Information Systems Auditor – Question0298

While auditing an IT department’s cloud service provider, the IS auditor found that privileged access monitoring is not being performed as required by the contract. The provider disagrees with this issue and notes that compensating controls are in place. The IS auditor’s NEXT course of action should be to:

A. test compensating controls as part of the audit.
B. define a remediation plan.
C. review privileged access logs.
D. recommend revising the service level agreement (SLA).

Correct Answer: A