Certified Information Security Manager (CISM) — Question 63
Which of the following clauses would represent the MOST significant potential exposure if included in a contract with a third-party service provider?
Answer options
- A. Provider responsibility in a disaster limited to best reasonable efforts
- B. Provider liability for loss of data limited to cost of physical media
- C. Audit rights limited to customer data and supporting infrastructure
- D. Access to escrowed software restricted to specific conditions
Correct answer: B
Explanation
Option B is correct because limiting the provider's liability for data loss to the cost of the physical media alone significantly reduces its accountability for potentially catastrophic data loss. The other options, while still concerning, do not limit the provider's liability or responsibilities as severely.