Question
The IT department of a local government agency is finalizing a contract with a third-party vendor to provide cloud services. The agency is highly concerned about data security and wants to ensure it can assess the vendor's security practices. Which of the following accurately identifies the purpose of including a right-to-audit clause in the contract?
A.To provide the vendor with access to sensitive customer data
B.To grant the vendor the right to conduct audits on the agency's internal systems
C.To exempt the vendor from security compliance requirements
D.To ensure the agency can periodically assess the vendor's security practices
A.To provide the vendor with access to sensitive customer data
B.To grant the vendor the right to conduct audits on the agency's internal systems
C.To exempt the vendor from security compliance requirements
D.To ensure the agency can periodically assess the vendor's security practices
Answers
GPT-4o mini
The correct answer is:
**D. To ensure the agency can periodically assess the vendor's security practices.**
Including a right-to-audit clause in the contract allows the agency to evaluate and verify the security measures and practices of the vendor, ensuring that they are in compliance with the agreed-upon security standards and effectively protecting data.
**D. To ensure the agency can periodically assess the vendor's security practices.**
Including a right-to-audit clause in the contract allows the agency to evaluate and verify the security measures and practices of the vendor, ensuring that they are in compliance with the agreed-upon security standards and effectively protecting data.