CISA Certified Information Systems Auditor – Question0845

A finance department director has decided to outsource the organization’s budget application and has identified potential providers. Which of the following actions should be initiated FIRST by the information security manager?

A.
Validate that connectivity to the service provider can be made securely.
B. Obtain audit reports on the service providers hosting environment.
C. Review the disaster recovery plans (DRP) of the providers.
D. Align the roles of the organization’s and the service providers’ staffs.

Correct Answer: B