A financial institution has decided to purchase a very expensive resource management system
and has selected the product and vendor. The vendor is experiencing some minor, but public,
legal issues. Senior management has some concerns on maintaining this system should the
vendor go out of business. Which of the following should the Chief Information Security Officer
(CISO) recommend to BEST limit exposure?
A.
Include a source code escrow clause in the contract for this system.
B.
Require proof-of-insurance by the vendor in the RFP for this system.
C.
Include a penalty clause in the contract for this system.
D.
Require on-going maintenance as part of the SLA for this system.