CISM Certified Information Security Manager – Question0708

Which of the following is the MOST effective way for an organization to ensure its third-party service providers are aware of information security requirements and expectations?

A. Auditing the service delivery of third-party providers
B. Including information security clauses within contracts
C. Providing information security training to third-party personnel
D. Requiring third parties to sign confidentiality agreements

Correct Answer: B