Certified in Risk and Information Systems Control (CRISC) — Question 739

The purpose of requiring source code escrow in a contractual agreement is to:

Answer options

• A. ensure that the source code is available if the vendor ceases to exist.
• B. ensure the source code is available when bugs occur.
• C. review the source code for adequacy of controls.
• D. ensure that the source code is valid and exists.

Correct answer: A

Explanation

The correct answer, A, highlights the primary function of source code escrow, which is to provide access to the source code in case the vendor is no longer operational. Options B, C, and D do not capture the main purpose of escrow, as they focus on scenarios that do not address the risk of vendor failure.