CISA Certified Information Systems Auditor – Question0454

An organization has outsourced many application development activities to a third party that uses contract programmers extensively. Which of the following would provide the BEST assurance that the third party’s contract programmers comply with the organization’s security policies?

A. Perform periodic security assessments of the contractors’ activities.
B. Conduct periodic vulnerability scans of the application.
C. Include penalties for noncompliance in the contracting agreement.
D. Require annual signed agreements of adherence to security policies.

Correct Answer: A