During a risk assessment, a key external technology supplier refuses to provide control design and effectiveness information, citing confidentiality concerns. What should the risk practitioner do NEXT?
A.
Escalate the non-cooperation to management
B.
Exclude applicable controls from the assessment
C.
Review the supplier's contractual obligations
D.
Request risk acceptance from the business process owner
With third party risk you have to understand what options are open to you in regards to assessing a third party. That comes from language in the contract such as right to audit, etc.
This section is not available anymore. Please use the main Exam Page.CRISC Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
CbtL
8 months, 2 weeks agoKoulyo
9 months, 1 week ago