Certified Information Security Manager (CISM) — Question 89
Which of the following is MOST important to include in a contract with a critical service provider to help ensure alignment with the organization's information security program?
Answer options
- A. Escalation paths
- B. Termination language
- C. Key performance indicators (KPIs)
- D. Right-to-audit clause
Correct answer: D
Explanation
A right-to-audit clause is essential because it allows the organization to verify that the service provider is adhering to security standards and practices. While escalation paths, termination language, and KPIs are important for managing the relationship and measuring performance, they do not directly ensure compliance with information security requirements.