CISA Certified Information Systems Auditor – Question0482

Which of the following is the MOST effective way for an organization to ensure its third-party service providers are aware of information security requirements and expectations?

A.
Providing information security training to third-party personnel
B. Auditing the service delivery of third-party providers
C. Inducting information security clauses within contracts
D. Requiring third parties to sign confidentiality agreements

Correct Answer: C