CompTIA CASP+ (CAS-003) — Question 224
As part of the asset management life cycle, a company engages a certified equipment disposal vendor to appropriately recycle and destroy company assets that are no longer in use. As part of the company's vendor due diligence, which of the following would be MOST important to obtain from the vendor?
Answer options
- A. A copy of the vendor's information security policies.
- B. A copy of the current audit reports and certifications held by the vendor.
- C. A signed NDA that covers all the data contained on the corporate systems.
- D. A copy of the procedures used to demonstrate compliance with certification requirements.
Correct answer: D
Explanation
The correct answer is D because understanding how the vendor ensures compliance with certification requirements is critical for verifying its capability and reliability in disposing of sensitive equipment. While options A, B, and C are also important, they do not directly address the vendor's ability to demonstrate compliance with the necessary standards for asset disposal.