Free CompTIA Security+ SY0-701 Practice Question

Your company is entering into a partnership with a third-party vendor to outsource the processing of customer data. The vendor will handle sensitive financial records. As the company's information security manager responsible for maintaining data security and compliance, you want to ensure you have the ability to verify the vendor's adherence to industry standards and regulatory requirements. Which of the following should you make sure is incorporated into the vendor contract?

  • A clause that allows your organization to conduct regular audits of the vendor's security measures to ensure compliance

  • A clause that exclusively requires the vendor to utilize encryption for all stored data without mention of audit rights

  • A clause that mandates the vendor to provide annual security awareness training to their employees

  • A clause that solely restricts the types of data the vendor can process, without providing audit rights

This question's topic: CompTIA Security+ SY0-701 / Security Program Management and Oversight