An infrastructure team is at the end of a procurement process and has selected a vendor. As part of the final negotiation, there are a number of outstanding issues, including:

1. Indemnity clauses have identified the maximum liability.
2. The data will be hosted and managed outside of the company's geographical location.
3. The number of users accessing the system will be small, and no sensitive data will be hosted in the solution.

As the project's security consultant, which of the following should you recommend as the NEXT step?

A. Develop a security exemption, as it does not meet the security policies.
B. Require the solution owner to accept the identified risks and consequences.
C. Mitigate the risk by asking the vendor to accept the in-country privacy principles.
D. Review the procurement process to determine the lessons learned.

asked by Nino Filiu (8.3k points)

1 Answer


Final answer:

The security consultant should require the solution owner to accept the identified risks and consequences of the project, which includes hosting data outside of the company's geographical location. Formal documentation of this acceptance is necessary, aligning with recognized privacy principles and ensuring clear communication.

Step-by-step explanation:

As the security consultant of the project, the recommended NEXT step is to require the solution owner to accept the identified risks and consequences. Since no sensitive data will be hosted and the number of users accessing the system will be small, the risks may be considered acceptable. However, it is crucial to document this acceptance formally to ensure that the solution owner is aware of the potential risks involved with the data being hosted and managed outside of the company's geographical location. This can help in aligning with the Personal Data Notification & Protection Act of 2017 that emphasizes the importance of addressing security breaches by defining them comprehensively.

The procurement process concludes with lessons learned, but this step usually comes after the project's completion rather than during the final negotiation phase. Eliciting buy-in from the solution owner on the identified risks aligns with best practices in project management, allowing for clear communication and agreement before moving forward.

answered by Nikita Kakuev (8.0k points)