Certified Chief Information Security Officer (CCISO) — Question 148

What is the primary reason for performing vendor management?

Answer options

• A. To define the partnership for long-term success
• B. To understand the risk coverage that are being mitigated by the vendor
• C. To establish a vendor selection process
• D. To document the relationship between the company and vendor

Correct answer: B

Explanation

The primary reason for performing vendor management is to understand the risk coverage that is being mitigated by the vendor, as this helps in assessing potential vulnerabilities. While defining partnerships (A), establishing selection processes (C), and documenting relationships (D) are important, they are secondary to comprehending the risks involved.