Question

As part of the asset management life cycle, a company engages a certified equipment disposal vendor to appropriately recycle and destroy company assets that are no longer in use.

As part of the company's vendor due diligence, which of the following would be MOST important to obtain from the vendor?

A. A copy of the vendor's information security policies.
B. A copy of the current audit reports and certifications held by the vendor.
C. A signed NDA that covers all the data contained on the corporate systems.
D. A copy of the procedures used to demonstrate compliance with certification requirements.

Answer 1

Obtaining a copy of the current audit reports and certifications held by the vendor would be the most important as part of the company's vendor due diligence. Additionally, a copy of the vendor's information security policies and the procedures used to demonstrate compliance with certification requirements are also important.

Step-by-step explanation:

As part of the asset management life cycle, a company engages a certified equipment disposal vendor to appropriately recycle and destroy company assets that are no longer in use. In vendor due diligence, obtaining a copy of the current audit reports and certifications held by the vendor would be the most important. This information provides evidence that the vendor has met certain standards and has been audited by a third party to ensure compliance.

Additionally, a copy of the vendor's information security policies is also crucial. This helps ensure that the vendor has adequate measures in place to protect the data contained on the corporate systems during the disposal process.

Lastly, a copy of the procedures used to demonstrate compliance with certification requirements is important. This allows the company to validate that the vendor follows proper processes to maintain compliance with certification standards.