CRISC Certified in Risk and Information Systems Control – Question639

An organization is planning to engage a cloud-based service provider for some of its data-intensive business processes. Which of the following is MOST important to help define the IT risk associated with this outsourcing activity?

A.
Service level agreement
B. Right to audit the provider
C. Customer service reviews
D. Scope of services provided

Correct Answer: A