An IS audit review identifies inconsistencies in privacy requirements across third-party service provider contracts. Which of the following is the BEST recommendation to address this situation?
A.
Prioritize contract amendments for third-party providers.
B.
Review privacy requirements when contracts come up for renewal.
C.
Suspend contracts with third-party providers that handle sensitive data.
D.
Require third-party providers to sign nondisclosure agreements (NDAs).
A. Prioritize contract amendments for third-party providers.
This is the most proactive and comprehensive approach to addressing inconsistent privacy requirements. By prioritizing contract amendments, the organization can:
Establish consistent privacy standards: Ensure all third-party providers adhere to the same level of data protection.
Mitigate risks: Reduce the likelihood of data breaches and regulatory non-compliance.
Enhance legal protection: Strengthen the organization's position in case of data incidents.
It is good practice to sign an NDA to ensure compliance with your company's privacy policy. Third-party agreements are unacceptable requests for changes that benefit only your company, since other companies also use the service.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
KAP2HURUF
3 months, 3 weeks agoSwallows
8 months agoa84n
6 months, 2 weeks ago