Question 0933 - CISM Certified Information Security Manager

The BEST way to ensure that an external service provider complies with organizational security policies is to:

A. Explicitly include the service provider in the security policies.
B. Receive acknowledgment in writing stating the provider has read all policies.
C. Cross-reference to policies in the service level agreement
D. Perform periodic reviews of the service provider.

Correct Answer: D

Explanation:

Explanation:
Periodic reviews will be the most effective way of obtaining compliance from the external service provider. References in policies and service level agreements and requesting written acknowledgement will not be as effective since they will not trigger the detection of noncompliance.

CISM Certified Information Security Manager

Tag: Question 0933

CISM Certified Information Security Manager – Question0933