A financial services company is procuring a new customer relationship management (CRM) software suite that will handle sensitive client data. A security analyst is advising the procurement team to ensure the new software does not introduce unnecessary risks. What is the MOST critical security-focused step in this acquisition process?
Negotiating the lowest cost for products
Conducting a security review of the vendor and their products
The correct answer is 'Conducting a security review of the vendor and their products'. Since the new CRM software will handle sensitive data, it is critical to evaluate the vendor's security practices and the product's security features. This review helps mitigate the risk of introducing vulnerabilities through a third-party product. Checking for compatibility is an important functional step, and negotiating cost is a business priority, but neither is the most critical security action. Choosing the newest features could even increase risk if they are not properly vetted.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is conducting a security review during procurement important?
Open an interactive chat with Bash
What should be included in a vendor security evaluation?
Open an interactive chat with Bash
How does a vendor’s compliance certification impact procurement decisions?