According to IIA guidance, which of the following would be the best first step to manage risk when a third party is overseeing the organization’s network and data?
A . Creating a comprehensive reporting system for vendors to demonstrate their ongoing
due diligence in network operations
B . Drafting a strong contract that requires regular vendor control reports and a right-to-audit clause.
C . Applying administrative privileges to ensure right-to-access controls are appropriate
D . Creating a standing cybersecurity committee to identify and manage risks related to data security
Answer: B