nerdexam
Isaca

AAISM · Question #124

An organization is looking to purchase an AI application from a vendor but is concerned about the security of its data. Which of the following is the MOST effective way to address this concern?

The correct answer is C. Ensure vendors disclose how the application uses the organization's data. Ensuring vendors explicitly disclose how they collect, process, store, and share the organization's data gives the organization concrete, actionable information to evaluate data security posture and negotiate protective contractual terms. This goes beyond surface-level assurance.

AI Security Risk Management

Question

An organization is looking to purchase an AI application from a vendor but is concerned about the security of its data. Which of the following is the MOST effective way to address this concern?

Options

  • AMandate an AI security audit by an external auditor before procurement
  • BInitiate discussions between the organization's and the vendor's legal teams
  • CEnsure vendors disclose how the application uses the organization's data
  • DAssess the vendor's publicly available AI usage policy

How the community answered

(54 responses)
  • A
    9% (5)
  • B
    4% (2)
  • C
    70% (38)
  • D
    17% (9)

Explanation

Ensuring vendors explicitly disclose how they collect, process, store, and share the organization's data gives the organization concrete, actionable information to evaluate data security posture and negotiate protective contractual terms. This goes beyond surface-level assurance. Option A (external audit) is useful but typically occurs post-procurement and depends on vendor cooperation. Option B (legal discussions) addresses liability and contracts but does not directly reveal data handling practices. Option D (public policy review) reflects what a vendor chooses to publish, which may be incomplete or aspirational rather than operationally accurate.

Topics

#AI procurement#Data security#Vendor risk management#Data usage disclosure

Community Discussion

No community discussion yet for this question.

Full AAISM Practice