CISM Question #866: Real Exam Question with Answer & Explanation

Sign in or unlock CISM to reveal the answer and full explanation for question #866. The question stem and answer options stay visible for context.

Submitted by daniela_cl· Apr 18, 2026Information Security Incident Management

Question

Which of the following is the MOST critical requirement to be included in a contract with a third party that provides security incident management?

Options

ASecurity incidents have to be reported to the client organization within a specified time frame.
BRoot cause analysis and remediation plans for security incidents have to be provided to the
CIncident response team maturity assessment has to be conducted periodically.
DA documented policy for incident management has to be approved by senior management.

Unlock CISM to see the answer

You've previewed enough free CISM questions. Unlock CISM for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock CISM - $49.99 / 30 days Sign in

Topics

#Incident Reporting#Third-Party Management#Contractual Requirements#Service Level Agreements

Full CISM Practice Browse All CISM Questions