Certified Information Security Manager (CISM) — Question 1242

To ensure the information security of outsourced IT services, which of the following is the MOST critical due diligence activity?

Answer options

• A. Assess the level of security awareness of the service provider.
• B. Review a recent independent audit report of the service provider.
• C. Review samples of service level reports from the service provider.
• D. Request the service provider comply with information security policy.

Correct answer: B

Explanation

The correct answer is B because a recent independent audit report provides an objective assessment of the service provider's security controls and compliance. Options A, C, and D are important, but they do not offer the same level of assurance regarding the effectiveness of the provider's security measures as an independent audit report does.