nerdexam
(ISC)2

CISSP · Question #769

According to best practice, which of the following groups is the MOST effective in performing an information security compliance audit?

The correct answer is D. External consultants. According to best practice, the most effective group in performing an information security compliance audit is external consultants. External consultants are independent and objective third parties that can provide unbiased and impartial assessment of the organization's complianc

Submitted by kevin_r· Mar 5, 2026Security Assessment and Testing

Question

According to best practice, which of the following groups is the MOST effective in performing an information security compliance audit?

Options

  • AIn-house security administrators
  • BIn-house Network Team
  • CDisaster Recovery (DR) Team
  • DExternal consultants

How the community answered

(47 responses)
  • A
    6% (3)
  • B
    11% (5)
  • C
    2% (1)
  • D
    81% (38)

Explanation

According to best practice, the most effective group in performing an information security compliance audit is external consultants. External consultants are independent and objective third parties that can provide unbiased and impartial assessment of the organization's compliance with the security policies, standards, and regulations. External consultants can also bring expertise, experience, and best practices from other organizations and industries, and offer recommendations for improvement.

Topics

#compliance audit#auditor independence#best practices#external audit

Community Discussion

No community discussion yet for this question.

Full CISSP Practice