Certified in Risk and Information Systems Control (CRISC) — Question 474

Which of the following is MOST helpful to ensure effective security controls for a cloud service provider?

Answer options

• A. Internal audit reports from the vendor
• B. A control self-assessment
• C. A third-party security assessment report
• D. Service level agreement monitoring

Correct answer: C

Explanation

A third-party security assessment report (Option C) provides an unbiased evaluation of the cloud provider's security measures, making it the most reliable choice for ensuring effective security controls. Internal audit reports (Option A) and control self-assessments (Option B) may be biased, and while service level agreement monitoring (Option D) is important, it does not directly assess security effectiveness.