A business partner of a factory has remote read-only access to material inventory to forecast
future acquisition orders. An information security manager should PRIMARILY ensure that there
is:

A.
an effective control over connectivity and continuity.

B.
a service level agreement (SLA) including code escrow.

C.
a business impact analysis (BIA).

D.
a third-party certification.

Explanation:

The principal risk focus is the connection procedures to maintain continuity- in case of any

contingency. Although an information security manager may be interested in the service level
agreement (SLA), code escrow is not a concern. A business impact analysis (BIA) refers to
contingency planning and not to system access. Third-party certification does not provide any
assurance of controls over connectivity to maintain continuity.