CRISC Certified in Risk and Information Systems Control – Question756

Which of the following is MOST important to include when identifying risk scenarios for inclusion in a risk review of a third-party service provider?

A.
Open vendor issues.
B. Purchasing agreements.
C. Supplier questionnaires.
D. Process mapping.

Correct Answer: D