An organization has outsourced the maintenance of its customer database to an external vendor, and the vendor has requested live data to test the performance of the database. Which of the following is MOST important for the IS auditor to recommend?
A. Ensure sensitive field data is anonymized by random characters.
B. Ensure both parties agree the data will be destroyed after the testing is complete.
C. Ensure the data is backed up before providing it to the vendor.
D. Ensure data transfer details are specified in the service engagement contract.
The correct answer is D, Ensure data transfer details are specified in the service engagement contract.
When an organization outsources the maintenance of its customer database to an external vendor, it is important for the IS auditor to ensure that the data transfer details are specified in the service engagement contract. This includes the specific types of data that will be shared with the vendor, the purpose of the data transfer, and any security measures that will be implemented to protect the data during the transfer. By specifying these details in the contract, the organization can ensure that the data transfer is conducted in a secure and transparent manner, and it can help to mitigate the risk of data breaches or unauthorized access to sensitive customer data.
While anonymizing sensitive field data (option A), backing up the data before providing it to the vendor (option C), and specifying data transfer details in the service engagement contract (option D) are important considerations, ensuring an agreement to destroy the data after testing (option B) takes precedence because it directly addresses the risk of data misuse and unauthorized retention.
The most appropriate answer is B
D is the correct answer. Contract details should include transfer details, which are details of what data it will be, the disposal method, the protection; every other detail should be specified in the contract.
The most important recommendation for the IS auditor in this scenario is to ensure that both parties agree that the data will be destroyed after the testing is complete. This is crucial to protect the confidentiality and privacy of the customer data.
While multiple considerations are important, the most critical recommendation is to ensure a clear agreement that the data will be destroyed after the testing process is complete.
Staanlee (Highly Voted), 1 year, 8 months ago
SayakSib (Most Recent), 3 weeks, 3 days ago
Sibsankar, 4 months ago
Swallows, 5 months, 1 week ago
Rachy, 7 months, 1 week ago
FAGFUR, 9 months, 3 weeks ago
galiou12, 9 months, 3 weeks ago