CRISC Certified in Risk and Information Systems Control – Question696

When using a third party to perform penetration testing, which of the following is the MOST important control to minimize operational impact?

A.
Require the vendor to have liability insurance.
B. Perform a background check on the vendor.
C. Require the vendor to sign a nondisclosure agreement.
D. Clearly define the project scope.

Correct Answer: D