Topic starter
16/05/2022 7:58 am
A compliance officer of a large organization has reviewed the firm's vendor management program but has discovered there are no controls defined to evaluate third-party risk or hardware source authenticity. The compliance officer wants to gain some level of assurance on a recurring basis regarding the implementation of controls by third parties.
Which of the following would BEST satisfy the objectives defined by the compliance officer? (Choose two.)
- A. Executing vendor compliance assessments against the organization's security controls
- B. Executing NDAs prior to sharing critical data with third parties
- C. Soliciting third-party audit reports on an annual basis
- D. Maintaining and reviewing the organizational risk assessment on a quarterly basis
- E. Completing a business impact assessment for all critical service providers
- F. Utilizing DLP capabilities at both the endpoint and perimeter levels
Suggested Answer: A,C