Certified Information Security Manager (CISM) — Question 425

What is the role of the information security manager in finalizing contract negotiations with service providers?

Answer options

• A. To perform a risk analysis on the outsourcing process
• B. To obtain a security standard certification from the provider
• C. To update security standards for the outsourced process
• D. To ensure that clauses for periodic audits are included

Correct answer: D

Explanation

The correct answer is D because it is essential for the information security manager to ensure that the contract includes clauses for periodic audits to maintain compliance and security throughout the service engagement. Options A, B, and C, while important, do not directly relate to the finalization of contract negotiations with service providers.