What should organizations periodically review based on risk?

Prepare for the ISACA Advanced in AI Security Management (AAISM) Test. Study with in-depth multiple choice questions, each offering insightful hints and detailed explanations. Equip yourself with expert knowledge and get exam-ready!

Multiple Choice

What should organizations periodically review based on risk?

Explanation:
Periodic review of service level agreements with external providers is essential to managing third-party risk. SLAs specify commitments around availability, security controls, incident response, data handling, and audit rights; as the organization’s risk landscape changes, these terms may no longer align with the desired risk tolerance. Regularly updating SLAs helps ensure controls and responsibilities stay adequate and compliant with regulatory needs. Other options address internal processes or separate objectives that aren’t as directly tied to risk-based governance in vendor relationships.

