Certified Information Security Manager (CISM) — Question 292

An information security manager has been asked to provide contract guidance from a security perspective for outsourcing the organization's payroll processing
Which of the following is MOST important to address?

Answer options

• A. Vendor compliance with the most stringent data security regulations
• B. Vendor compliance with the organization's information security policies
• C. Vendor compliance with organizational service level agreement (SLA) requirements
• D. Vendor compliance with recognized industry security standards

Correct answer: B

Explanation

The correct answer is B because ensuring that the vendor complies with the organization's own information security policies is critical to maintain the security posture and integrity of sensitive payroll data. The other options, while important, do not directly ensure that the vendor aligns with the specific security measures and protocols that the organization has established.