An organization plans to outsource its customer relationship management (CRM) to a third-party service provider. Which of the following should the organization do FIRST?
A. Request that the third-party provider perform background checks on their employees.
B. Perform an internal risk assessment to determine needed controls.
C. Audit the third-party provider to evaluate their security controls.
D. Perform a security assessment to detect security vulnerabilities.
Correct Answer: B
Explanation:
An internal risk assessment should be performed to identify the risk and determine needed controls. A background check should be a standard requirement for the service provider. Audit objectives should be determined from the risk assessment results. A security assessment does not cover the operational risks.