Your company is in the process of selecting a cloud service provider to host critical infrastructure. Your management team wants to ensure thorough evaluation of potential vendors to avoid legal, compliance, and operational risks. Which of the following actions exemplifies proper due diligence in this scenario?
Review the company's own internal information security policies.
Agree on the pricing and service level agreements.
Review third-party audit reports of the vendors.
Select a vendor based on the recommendation of an acquaintance at a partnering organization.
Reviewing third-party audit reports of the vendors provides an in-depth analysis of their security controls and compliance with industry standards. It is a crucial aspect of due diligence that helps in understanding the vendor's capabilities and in making an informed decision. The incorrect options, while possibly part of other processes, do not directly relate to the assessment of the risk and controls of the vendor as part of due diligence. For example, agreeing on the prices does not assess risk or security capabilities, and reviewing the company's own internal policies will not provide information on the vendor's practices.