Certified Information Systems Auditor (CISA) — Question 115

An organization has outsourced the maintenance of its customer database to an external vendor, and the vendor has requested live data to test the performance of the database. Which of the following is MOST important for the IS auditor to recommend?

Answer options

• A. Ensure sensitive field data is anonymized by random characters.
• B. Ensure both parties agree the data will be destroyed after the testing is complete.
• C. Ensure the data is backed up before providing it to the vendor.
• D. Ensure data transfer details are specified in the service engagement contract.

Correct answer: D

Explanation

The correct answer is D because specifying data transfer details in the service engagement contract is essential for legal and compliance reasons. Options A, B, and C, while important, do not address the necessity of having clear contractual obligations regarding data handling and transfer, which is crucial in protecting sensitive information.