Certified in the Governance of Enterprise IT (CGEIT) — Question 64

An enterprise is evaluating a Software-as-a-Service (SaaS) solution to support a core business process. There is no outsourcing governance or vendor management in place. The CEO's FIRST course of action should be to:

Answer options

• A. establish a contract with the SaaS solution provider.
• B. instruct management to use the standard procurement process.
• C. ensure the service level agreements (SLAs) for service providers are defined.
• D. ensure the roles and responsibilities to manage service providers are defined.

Correct answer: B

Explanation

The correct answer is B, as following the standard procurement process is essential to establish a framework for vendor engagement when no governance exists. Options A, C, and D may be important steps, but without the procurement process in place, the foundation for these actions is lacking.