When an organization is setting up a relationship with a third-party IT service provider, which of the following is one of the MOST important topics to include in the contract from a security standpoint?

A.
Compliance with international security standards.

B.
Use of a two-factor authentication system.

C.
Existence of an alternate hot site in case of business disruption.

D.
Compliance with the organization’s information security requirements.

Explanation:
From a security standpoint, compliance with the organization’s information security requirements is one of the most important topics that should be included in the contract with third-party service provider. The scope of implemented controls in any ISO 27001-compliant organization depends on the security requirements established by each organization. Requiring compliance only with this security standard does not guarantee that a service provider complies with the organization’s security requirements. The requirement to use a specific kind of control methodology is not usually stated in the contract with third-party service providers.