Before engaging outsourced providers, an information se…

Before engaging outsourced providers, an information security manager should ensure that the organization’s
data classification requirements:

Before engaging outsourced providers, an information security manager should ensure that the organization’s
data classification requirements:

A.
are compatible with the provider’s own classification.

B.
are communicated to the provider.

C.
exceed those of the outsourcer.

D.
are stated in the contract.

Explanation:

The most effective mechanism to ensure that the organization’s security standards are met by a third party, would be a legal agreement. Choices A. B and C are acceptable options, but not as comprehensive or as binding as a legal contract.



Leave a Reply 0

Your email address will not be published. Required fields are marked *