CRISC Certified in Risk and Information Systems Control – Question737

A trusted third party service provider has determined that the risk of a client’s systems being hacked is low. Which of the following would be the client’s BEST course of action?

A.
Perform an independent audit of the third party.
B. Accept the risk based on the third party’s risk assessment.
C. Perform their own risk assessment.
D. Implement additional controls to address the risk.

Correct Answer: A