Which of the following is the MOST important process that an information security manager needs to negotiate with an outsource service provider?

Which of the following is the MOST important process that an information security manager needs
to negotiate with an outsource service provider?

Which of the following is the MOST important process that an information security manager needs
to negotiate with an outsource service provider?

A.
The right to conduct independent security reviews

B.
A legally binding data protection agreement

C.
Encryption between the organization and the provider

D.
A joint risk assessment of the system

Explanation:

A key requirement of an outsource contract involving critical business systems is the
establishment of the organization’s right to conduct independent security reviews of the provider’s
security controls. A legally binding data protection agreement is also critical, but secondary to
choice A, which permits examination of the actual security controls prevailing over the system and.
as such, is the more effective risk management tool. Network encryption of the link between the
organization and the provider may well be a requirement, but is not as critical since it would also
be included in choice A. A joint risk assessment of the system in conjunction with the outsource
provider may be a compromise solution, should the right to conduct independent security reviews
of the controls related to the system prove contractually difficult.



Leave a Reply 0

Your email address will not be published. Required fields are marked *