Certified Information Systems Auditor (CISA) — Question 1026

A credit card company has decided to outsource the printing of customer statements. It is MOST important for the company to verify whether:

Answer options

• A. the provider has alternate service locations.
• B. the contract includes compensation for deficient service levels.
• C. the provider adheres to the company's data retention policies.
• D. the provider's information security controls are aligned with the company's.

Correct answer: D

Explanation

The correct answer is D because ensuring that the provider's information security controls are in line with the company's is crucial to protect sensitive customer data. While options A, B, and C are important considerations, they do not directly address the security of the information being handled, which is a top priority when outsourcing such services.