A business partner of a factory has remote read-only access to material inventory to forecast
future acquisition orders. An information security manager should PRIMARILY ensure that there
is:
A.
an effective control over connectivity and continuity.
B.
a service level agreement (SLA) including code escrow.
C.
a business impact analysis (BIA).
D.
a third-party certification.
Explanation:
The principal risk focus is the connection procedures to maintain continuity- in case of any
contingency. Although an information security manager may be interested in the service level
agreement (SLA), code escrow is not a concern. A business impact analysis (BIA) refers to
contingency planning and not to system access. Third-party certification does not provide any
assurance of controls over connectivity to maintain continuity.