CISM Certified Information Security Manager – Question1266

Which of the following is the FIRST step to perform before outsourcing critical information processing to a third party?

A.
Require background checks for third-party employees.
B. Perform a risk assessment.
C. Ensure that risks are formally accepted by third party.
D. Negotiate a service level agreement.

Correct Answer: B