CISM Certified Information Security Manager – Question0700

When developing a protection strategy for outsourcing applications, the information security manager MUST ensure that:

A.
escrow agreements are in place.
B. the security requirements are included in the service level agreement (SLA).
C. the responsibility for security is transferred in the service level agreement (SLA).
D. nondisclosure clauses are in the contract.

Correct Answer: B