CRISC Certified in Risk and Information Systems Control – Question497

An organization has outsourced an application to a Software as a Service (SaaS) provider. The risk associated with the use of this service should be owned by the:

A.
service provider’s IT manager
B. service provider’s risk manager
C. organization’s business process manager
D. organization’s vendor manager

Correct Answer: C