Certified Information Security Manager (CISM) — Question 756

In a business proposal, a potential vendor promotes being certified for international security standards as a measure of its security capability. Before relying on this certification, it is MOST important that the information security manager confirms that the:

Answer options

• A. certification scope is relevant to the service being offered
• B. certification will remain current through the life of the contract
• C. current international standard was used to assess security processes
• D. certification can be extended to cover the client's business

Correct answer: A

Explanation

The correct answer is A because the relevance of the certification scope to the offered service directly impacts its applicability and effectiveness. Options B, C, and D are less critical; while they address important aspects, they do not ensure that the certification aligns with the specific services being provided.