AAISM · Question #82
An organization is adopting an agentic AI solution from an external vendor to support its internal IT operations. To evaluate the security posture of this system, which of the following provides the M
The correct answer is D. Third-party audit reports. Third-party audit reports provide independent assurance that the vendor's stated controls are designed and operating effectively against recognized criteria. Such attestations (e.g., audit/assurance frameworks) are traceable, repeatable, and verifiable, and they support supply- c
Question
An organization is adopting an agentic AI solution from an external vendor to support its internal IT operations. To evaluate the security posture of this system, which of the following provides the MOST reliable and independently verifiable evidence of implemented security controls?
Options
- AInternal red team testing reports
- BIndustry benchmarking peer review
- CGeneral AI security whitepapers
- DThird-party audit reports
How the community answered
(31 responses)- A3% (1)
- B10% (3)
- C6% (2)
- D81% (25)
Explanation
Third-party audit reports provide independent assurance that the vendor's stated controls are designed and operating effectively against recognized criteria. Such attestations (e.g., audit/assurance frameworks) are traceable, repeatable, and verifiable, and they support supply- chain risk reviews and contractual assurance. Internal red-team reports are not independent, industry "peer reviews" are not control attestations, and whitepapers are marketing/educational materials without evidence of control operation.
Topics
Community Discussion
No community discussion yet for this question.