Certified Information Systems Auditor (CISA) — Question 15

An organization has outsourced its data processing function to a service provider. Which of the following would BEST determine whether the service provider continues to meet the organization's objectives?

Answer options

• A. Periodic audits of controls by an independent auditor
• B. Adequacy of the service provider's insurance
• C. Assessment of the personnel training processes of the provider
• D. Review of performance against service level agreements (SLAs)

Correct answer: D

Explanation

The correct answer, D, is right because reviewing performance against SLAs directly measures whether the provider is achieving the agreed-upon service levels. The other options, while valuable, do not provide a direct assessment of performance in relation to the organization's objectives.