0 votes
An enterprise has outsourced several business functions to a firm in another country, including IT development, data hosting and support. What is the MOST important question the risk professional will ask in relation to the outsourcing arrangements?

A. Are policies and procedures in place to handle security exceptions?
B. Is the outsourcing supplier meeting the terms of the service level agreements?
C. Is the security program of the outsourcing provider based on an international standard (e.g., ISO)?
D. Are specific security controls mandated in the outsourcing contract/agreement?

1 Answer

3 votes

Answer:

The correct answer is option d) Are specific security controls mandated in the outsourcing contract/agreement?

Step-by-step explanation:

In outsourcing business functions to a firm, you have to ensure that certain things are put in place in the agreement, because whatever wasn't signed in the agreement might not be considered after the agreement. In this scenario, the risk professional needed to know if security controls were mandated in the outsourcing agreement, the reason being that if they weren't, the outsourcing firm won't be held responsible for anything that goes wrong in terms of security.

by User Kuttan Sujith (3.7k points)