CISA Certified Information Systems Auditor – Question0786

Which of the following would BEST provide an information security manager with sufficient assurance that a service provider complies with organization’s information security requirements?

A.
A live demonstration of the third-party supplier’s security capabilities
B. Third-party security control self-assessment results
C. An independent review report indicating compliance with industry standards
D. The ability to audit the third-party supplier’s IT systems and processes

Correct Answer: C