Certified in Risk and Information Systems Control (CRISC) — Question 387

Which of these documents is MOST important to request from a cloud service provider during a vendor risk assessment?

Answer options

• A. Business impact analysis (BIA)
• B. Service level agreement (SLA)
• C. Independent audit report
• D. Nondisclosure agreement (NDA)

Correct answer: C

Explanation

The Independent audit report is crucial because it provides an objective evaluation of the cloud service provider's security and compliance measures. The other documents, while important, do not offer the same level of assurance regarding the provider's risk management practices.