An organization that outsourced its payroll processing performed an independent assessment of
the security controls of the third party, per policy requirements. Which of the following is the MOST
useful requirement to include in the contract?
A.
Right to audit
B.
Nondisclosure agreement
C.
Proper firewall implementation
D.
Dedicated security manager for monitoring compliance
Explanation:
Right to audit would be the most useful requirement since this would provide the company the
ability to perform a security audit/assessment whenever there is a business need to examine
whether the controls are working effectively at the third party. Options B, C and D are important
requirements and can be examined during the audit. A dedicated security manager would be a
costly solution and not always feasible for most situations.