Which of the following is the MOST important reason for an information security review of contracts? To help
ensure that:

A.
the parties to the agreement can perform.

B.
confidential data are not included in the agreement.

C.
appropriate controls are included.

D.
the right to audit is a requirement.

Explanation:

Agreements with external parties can expose an organization to information security risks that must be assessed and appropriately mitigated. The ability of the parties to perform is normally the responsibility of legal and the business operation involved. Confidential information may be in the agreement by necessity and. while the information security manager can advise and provide approaches to protect the information, the responsibility rests with the business and legal. Audit rights may be one of many possible controls to include in a third-party agreement, but is not necessarily a contract requirement, depending on the nature of the agreement.