Certified Information Systems Auditor (CISA) — Question 806

An organization is planning to hire a third party to develop software. What is the MOST appropriate way for the organization to ensure access to code if the software development company goes out of business?

Answer options

• A. Establish a software escrow agreement.
• B. Request a copy of the software.
• C. Establish a service level agreement (SLA).
• D. Request software licenses.

Correct answer: A

Explanation

The best option is to establish a software escrow agreement, as it provides a legal framework for accessing the source code if the vendor goes out of business. Simply requesting a copy of the software does not guarantee future access to the code, while a service level agreement (SLA) focuses on service performance rather than code access. Requesting software licenses does not ensure access to the underlying code either.