Certified Information Security Manager (CISM) — Question 474
Which of the following would BEST help to ensure compliance with an organization's information security requirements by an IT service provider?
Answer options
- A. Requiring an external security audit of the IT service provider
- B. Defining the business recovery plan with the IT service provider
- C. Defining information security requirements with internal IT
- D. Requiring regular reporting from the IT service provider
Correct answer: A
Explanation
An external security audit provides an unbiased, independent assessment of the IT service provider's compliance with the organization's security requirements, making it the best option. Defining a business recovery plan with the provider, or defining security requirements only with internal IT, is important but does not provide independent verification that the provider actually complies. Regular reporting from the provider can help track compliance but is self-reported and lacks the thorough, independent examination an audit provides.