CRISC Question #280: Real Exam Question with Answer & Explanation
The correct answer is A: Service level agreements (SLAs) have not been met over the last quarter. The greatest concern from a third-party service provider review is consistent failure to meet Service Level Agreements (SLAs), as this directly impacts organizational operations and objectives.
Question
Which of the following observations from a third-party service provider review would be of GREATEST concern to a risk practitioner?
Options
- A. Service level agreements (SLAs) have not been met over the last quarter.
- B. The service contract is up for renewal in less than thirty days.
- C. Key third-party personnel have recently been replaced.
- D. Monthly service charges are significantly higher than industry norms.
Explanation
The greatest concern from a third-party service provider review is consistent failure to meet Service Level Agreements (SLAs), as this directly impacts organizational operations and objectives.
Common mistakes.
- B. A looming contract renewal is a logistical and contractual concern that requires planning, but it does not indicate an immediate failure in service delivery or increased risk exposure in the same way as unmet SLAs.
- C. Replacement of key personnel can introduce uncertainty and potential risk, but it doesn't necessarily mean service quality has deteriorated or that risks are actively materializing, unlike a direct failure of SLAs.
- D. Higher service charges are a financial concern affecting budget and cost-effectiveness, but they do not directly represent an increased risk to the organization's security or operational continuity.
Concept tested. Third-party risk management, SLA compliance
Reference. https://csrc.nist.gov/publications/detail/sp/800-161/rev-1/final