Certified Information Systems Auditor (CISA) — Question 1134

Which of the following is MOST important for an organization to include in a software escrow agreement when outsourcing software development to a third party?

Answer options

• A. The escrow agent repository is to be updated as the software product evolves.
• B. The escrow agent repository is to be subject to periodic audits by the organization.
• C. The escrow agent repository is to be securely protected against vendor access.
• D. The escrow agent repository is to be held in the organization's own country.

Correct answer: A

Explanation

The correct answer is A because ensuring that the escrow agent repository is updated as the software evolves is crucial for maintaining access to the most current version of the software. Options B, C, and D, while important, do not directly address the need for ongoing updates that reflect changes in the software product, which is the primary concern in an escrow agreement.