exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam

Exam CISA topic 1 question 1409 discussion

Actual exam question from Isaca's CISA
Question #: 1409
Topic #: 1
[All CISA Questions]

A contract for outsourcing IS functions should always include:

  • A. a provision for an independent audit of the contractor's operations.
  • B. data transfer protocols.
  • C. the names and roles of staff to be employed in the operation.
  • D. full details of security procedures to be observed by the contractor.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
choboanon
3 months, 3 weeks ago
Selected Answer: A
Answer is A.
upvoted 1 times
...
46080f2
9 months ago
Selected Answer: A
Including a provision for an independent audit of the contractor's operations ensures that the contracting organization can verify compliance with agreed standards, security measures, and performance metrics. This helps maintain accountability and transparency, ensuring that the outsourced functions meet the required quality and security standards. While the other options (B, C, and D) are also important and may be included in a comprehensive outsourcing contract, the ability to conduct an independent audit is crucial for ongoing oversight and risk management.
upvoted 1 times
...
Swallows
9 months, 3 weeks ago
Selected Answer: D
While an independent audit of the contractor's operations (Option A) is essential for ensuring accountability and transparency, providing full details of security procedures (Option D) is crucial for safeguarding sensitive data, maintaining the confidentiality and integrity of information systems, and mitigating cybersecurity risks. Clear, comprehensive security procedures are essential for protecting the interests of both parties involved in the outsourcing arrangement. They establish a framework for ensuring the security and reliability of the outsourced IS functions, making Option D the best choice.
upvoted 1 times
...
a84n
10 months, 1 week ago
Selected Answer: D
Q keyword: A contract should always include Answer: D
upvoted 1 times
...
KAP2HURUF
1 year ago
Selected Answer: A
While option D is important as well, it does not always need to be documented in detail in the contract. The specific security procedures a contractor uses may be proprietary information that they are not willing or able to share in full - but they should be able to demonstrate that their security procedures meet certain standards. On the other hand, a provision for an independent audit of the contractor's operations is non-negotiable and should always be included in the contract. This allows the company outsourcing their IS functions to ensure that contractual obligations related to data privacy, service level agreements, etc., are being met by the contractor.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago