Certified Information Security Manager (CISM) — Question 669

Which of the following provides the MOST assurance that a third-party hosting provider will be able to meet availability requirements?

Answer options

• A. The third party's business continuity plan (BCP)
• B. The third party's incident response plan
• C. Right-to-audit clause
• D. Service level agreement (SLA)

Correct answer: D

Explanation

The Service Level Agreement (SLA) explicitly outlines the availability commitments and performance metrics that the third-party provider must adhere to, thus providing the most assurance. The business continuity plan (BCP) and incident response plan are important but do not guarantee specific availability levels, while a right-to-audit clause allows for oversight but does not ensure service delivery.