Certified Information Systems Auditor (CISA) — Question 1153

Which of the following would BEST reduce the operational risks associated with the potential for a third-party software vendor to go out of business?

Answer options

• A. Software escrow agreements
• B. Service level agreements (SLAs) in the contract
• C. Evidence of the vendor’s financial stability
• D. Vendor software support agreements

Correct answer: A

Explanation

Software escrow agreements provide a safety net by ensuring that the source code and necessary documentation are held in trust, allowing a company to access the software if the vendor goes out of business. On the other hand, SLAs, evidence of financial stability, and support agreements do not directly address the risk of a vendor's failure to deliver the software or services due to insolvency.