Certified Information Security Manager (CISM) — Question 302

Which of the following should include contact information for representatives of equipment and software vendors?

Answer options

• A. Business continuity plan (BCP)
• B. Service level agreements (SLAs)
• C. Information security program charter
• D. Business impact analysis (BIA)

Correct answer: A

Explanation

The correct answer is A, as a Business Continuity Plan (BCP) should include contact information for vendors to ensure quick access during emergencies. Options B, C, and D serve different purposes: SLAs outline service expectations, the information security program charter sets security policies, and the BIA assesses the impact of interruptions, but none are focused on vendor contacts.