An organization decided to outsource its human resources function. As part of its process migration, the organization is implementing controls over sensitive employee data. What would be the most appropriate directive control in this area?
A.
Require a Service Organization Controls (SOC) report from the service provider
B.
Include a data protection clause in the contract with the service provider
C.
Obtain a nondisclosure agreement from each employee at the service provider who will handle sensitive data
D.
Encrypt the employee’s data before transmitting it to the service provider
Directive controls are policies, agreements, or guidelines that direct behavior and establish expectations to ensure compliance with security and privacy requirements.
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
emtofid
1 month ago