Which of the following should the organization do FIRST?

An organization plans to outsource its customer relationship management (CRM) to a third-party
service provider. Which of the following should the organization do FIRST?

A. Request that the third-party provider perform background checks on their employees.

B. Perform an internal risk assessment to determine needed controls.

C. Audit the third-party provider to evaluate their security controls.

D. Perform a security assessment to detect security vulnerabilities.

Explanation:

An internal risk assessment should be performed to identify the risk and determine needed
controls. A background check should be a standard requirement for the service provider. Audit
objectives should be determined from the risk assessment results. Security assessment does not
cover the operational risks.


