Certified Information Systems Auditor (CISA) — Question 1086

Which of the following is the BEST way to mitigate the risk of services no longer being available from a bankrupt Software as a Service (SaaS) provider?

Answer options

• A. Including service level agreements (SLAs) in the contract
• B. Retaining copies of the software for emergency situations
• C. Having a software escrow agreement with a third party
• D. Backing up the data processed by the software

Correct answer: D

Explanation

Backing up the data processed by the software ensures that you retain access to your important information even if the SaaS provider becomes unavailable. While SLAs, software copies, and escrow agreements can provide some level of protection, they do not guarantee access to your critical data in the event of a provider's bankruptcy.