When auditing third-party service providers, an IS auditor should be concerned with which of the following?
A . Ownership of the programs and files
B . A statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster
C . A statement of due care
D . Ownership of programs and files, a statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster
Answer: D
Explanation:
When auditing third-party service providers, an auditor should be concerned with ownership of programs and files, a statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster.