What, if anything, should occur?

seenagapeFebruary 13, 2018

An organization has a process in place that involves the use of a vendor. A risk assessment was completed
during the development of the process. A year after the implementation a monetary decision has been made to
use a different vendor. What, if anything, should occur?

PrepAway - Latest Free Exam Questions & Answers

A.
Nothing, since a risk assessment was completed during development.

B.
A vulnerability assessment should be conducted.

C.
A new risk assessment should be performed.

D.
The new vendor’s SAS 70 type II report should be reviewed.

Explanation:
The risk assessment process is continual and any changes to an established process should include a newrisk assessment. While a review of the SAS 70 report and a vulnerability assessment may be components of a risk assessment, neither would constitute sufficient due diligence on its own.

Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions

This is ONE TIME OFFER

Enter your email address to receive your 50% off dicount code:

SPECIAL OFFER: GET 50% OFF

Use Discount Code:

ISACA Exam Questions

Free ISACA Study Guide

What, if anything, should occur?

Leave a Reply Cancel reply