What does Vendor Lock-in/Dependency refer to?

Prepare for the ISACA Advanced in AI Security Management (AAISM) Test. Study with in-depth multiple choice questions, each offering insightful hints and detailed explanations. Equip yourself with expert knowledge and get exam-ready!

Multiple Choice

What does Vendor Lock-in/Dependency refer to?

Explanation:

Vendor lock-in or dependency happens when an organization becomes tied to a single vendor’s technology stack, often through proprietary formats, APIs, or services. This creates risk because if that provider has an incident, outage, price change, or policy shift, the organization may struggle to switch suppliers quickly or recover, which can affect operations, data control, and regulatory compliance. It also raises switching costs and reduces bargaining power, making resilience harder.

That’s why the best answer describes reliance on a single AI provider and vulnerability if that provider experiences an incident. The other options describe different concerns—insider threats, competitive risk, or productivity impact—that don’t capture the dependency on a single vendor as the source of risk. To mitigate this risk, consider using open standards, data portability, and a multi-provider or multi-cloud approach, plus clear exit rights and data ownership terms.
