Certified Information Security Manager (CISM) — Question 189

What should be the GREATEST concern for an information security manager of a large multinational organization when outsourcing data processing to a cloud service provider?

Answer options

• A. Local laws and regulations
• B. Backup and restoration of data
• C. Vendor service level agreements (SLAs)
• D. Independent review of the vendor

Correct answer: A

Explanation

The utmost concern should be compliance with local laws and regulations, as failing to adhere to legal requirements can lead to significant penalties. While backup and restoration, SLAs, and vendor reviews are important, they do not carry the same legal implications that local laws do, making them secondary considerations.