When an organization is setting up a relationship with a third-party IT service provider, which of the following is one of the MOST important topics to include in the contract from a security standpoint?
A. Compliance with international security standards.
B. Use of a two-factor authentication system.
C. Existence of an alternate hot site in case of business disruption.
D. Compliance with the organization’s information security requirements.
Answer: D
Explanation:
From a security standpoint, compliance with the organization’s information security requirements is one of the most important topics to include in the contract with a third-party service provider. The scope of implemented controls in any ISO 27001-compliant organization depends on the security requirements established by each organization. Requiring compliance only with this security standard does not guarantee that a service provider complies with the organization’s security requirements. The requirement to use a specific kind of control methodology is not usually stated in the contract with third-party service providers.