CISA Certified Information Systems Auditor – Question0960

When an organization and its IT-hosting service provider are establishing a contract with each other, it is MOST important that the contract includes:

A.
each party’s security responsibilities
B. details of expected security metrics
C. penalties for noncompliance with security policy
D. recovery time objectives (RTOs)

Correct Answer: A