Certified in Risk and Information Systems Control (CRISC) — Question 826

A global company's business continuity plan (BCP) requires the transfer of its customer information systems to an overseas cloud service provider in the event of a disaster. Which of the following should be the MOST important risk consideration?

Answer options

• A. The lack of a service level agreement (SLA) in the vendor contract
• B. The cloud computing environment is shared with another company
• C. The organizational culture differences between each country
• D. The difference in the management practices between each company

Correct answer: A

Explanation

The most critical risk factor is the absence of a service level agreement (SLA) in the vendor contract, as it defines the expectations and responsibilities of the cloud provider. Without an SLA, there is no assurance of service quality or reliability. The other options, while relevant, do not pose as immediate a risk to the continuity of customer information systems as the lack of a formal agreement.