Certified in Risk and Information Systems Control (CRISC) — Question 1122

Which of the following is MOST important when planning to implement a Software as a Service (SaaS) application to manage information?

Answer options

• A. Determining if sensitive data will be included
• B. Assessing if adequate deconversion services are available
• C. Reviewing service level agreements (SLAs)
• D. Obtaining the service provider’s controls attestation

Correct answer: A

Explanation

The most important consideration when implementing a SaaS application is determining if sensitive data will be included, as it directly impacts security and compliance. While assessing deconversion services, SLAs, and controls attestation are important, they are secondary to understanding the nature of the data being managed.