CISM Certified Information Security Manager – Question0181

When an organization and its IT-hosting service provider are establishing a contract with each other, it is MOST important that the contract includes:

A.
details of expected security metrics.
B. each party’s security responsibilities.
C. penalties for noncompliance with security policy.
D. recovery time objectives (RTOs).

Correct Answer: B

Explanation:

Explanation: It’s very important when organization start work with third party before signing the SLA negotiate the company current security needs and new security risk.