nerdexam
Isaca

CDPSE · Question #260

Which of the following is the BEST way to manage privacy risk associated with outsourcing to a third party?

The correct answer is D. Perform privacy audits of the vendor.. Performing privacy audits of the vendor provides active, evidence-based verification that the third party is actually complying with required privacy protections. A variable sourcing strategy (A) is about procurement diversification, not privacy. Reviewing vendor privacy policies

Privacy Governance

Question

Which of the following is the BEST way to manage privacy risk associated with outsourcing to a third party?

Options

  • AUtilize a variable sourcing strategy.
  • BReview and approve the vendor's privacy policies.
  • CRequire specific controls as part of the contract.
  • DPerform privacy audits of the vendor.

How the community answered

(25 responses)
  • A
    4% (1)
  • B
    4% (1)
  • C
    8% (2)
  • D
    84% (21)

Explanation

Performing privacy audits of the vendor provides active, evidence-based verification that the third party is actually complying with required privacy protections. A variable sourcing strategy (A) is about procurement diversification, not privacy. Reviewing vendor privacy policies (B) is passive and only confirms what the vendor claims, not what it does. Requiring contractual controls (C) establishes legal obligations but does not verify implementation. Audits go beyond contractual promises-they provide ongoing assurance that controls are in place and effective, making them the strongest risk management mechanism when personal data is shared with a third party.

Topics

#Third-party risk management#Privacy audits#Vendor management#Outsourcing

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice