CISM Certified Information Security Manager – Question0602

A third-party service provider is developing a mobile app for an organization’s customers. Which of the following issues should be of GREATEST concern to the information security manager?

A.
Software escrow is not addressed in the contract.
B. The contract has no requirement for secure development practices.
C. The mobile app’s programmers are all offshore contractors.
D. SLAs after deployment are not clearly defined.

Correct Answer: B