Certified Information Systems Auditor (CISA) — Question 937

An IS audit review identifies inconsistencies in privacy requirements across third-party service provider contracts. Which of the following is the BEST recommendation to address this situation?

Answer options

• A. Prioritize contract amendments for third-party providers.
• B. Review privacy requirements when contracts come up for renewal.
• C. Suspend contracts with third-party providers that handle sensitive data.
• D. Require third-party providers to sign nondisclosure agreements (NDAs).

Correct answer: A

Explanation

The best recommendation is to prioritize contract amendments for third-party providers, as this action directly addresses the identified inconsistencies. Reviewing privacy requirements at renewal or suspending contracts may not effectively resolve the current issues, while requiring NDAs does not rectify the contractual discrepancies in privacy obligations.