An IS audit review identifies inconsistencies in privacy requirements across third-party service provider contracts. Which of the following is the BEST recommendation to address this situation?
A.
Prioritize contract amendments for third-party providers.
B.
Review privacy requirements when contracts come up for renewal.
C.
Suspend contracts with third-party providers that handle sensitive data.
D.
Require third-party providers to sign nondisclosure agreements (NDAs).
A. Prioritize contract amendments for third-party providers.
This is the most proactive and comprehensive approach to addressing inconsistent privacy requirements. By prioritizing contract amendments, the organization can:
Establish consistent privacy standards: Ensure all third-party providers adhere to the same level of data protection.
Mitigate risks: Reduce the likelihood of data breaches and regulatory non-compliance.
Enhance legal protection: Strengthen the organization's position in case of data incidents.
It is good practice to sign an NDA to ensure compliance with your company's privacy policy. Third-party agreements are unacceptable requests for changes that benefit only your company, since other companies also use the service.
This section is not available anymore. Please use the main Exam Page.CISA Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
KAP2HURUF
9 months, 3 weeks agoSwallows
1 year, 1 month agoa84n
1 year ago