CISM Certified Information Security Manager – Question0218

An outsourced vendor handles an organization's business-critical data. Which of the following is the MOST effective way for the client organization to obtain assurance of the vendor's security practices?

A. Verifying security certifications held by the vendor
B. Reviewing the vendor's security audit reports
C. Requiring periodic independent third-party reviews
D. Requiring business continuity plans (BCPs) from the vendor

Correct Answer: C