Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Exin CDFOM Exam - Topic 11 Question 3 Discussion

Actual exam question for Exin's CDFOM exam
Question #: 3
Topic #: 11
[All CDFOM Questions]

The data center service provider has decided that maintenance of the data center facilities infrastructure will be outsourced.

Is it still involved in the risk management process of data center maintenance?

Show Suggested Answer Hide Answer
Suggested Answer: A

EPI's governance and risk management principles clearly state:

When a data center outsources maintenance, operational work can be outsourced, but risk cannot be transferred.

Risk may be shared, mitigated, or reduced through contractual arrangements, but ownership remains with the data center service provider.

The data center operator is still responsible for ensuring compliance, operational continuity, and safety---even if another party performs the maintenance tasks.

Therefore:

The service provider must remain involved in risk evaluation, risk treatment, and ongoing monitoring.

Oversight responsibilities cannot be delegated.

Options C and D are incorrect because outsourcing the activity does not outsource risk accountability.

Option B is irrelevant because risk responsibility does not depend on provider expertise.

Thus, A is correct.

EPI DCFOM-Aligned Reference Concepts (Paraphrased)

Risk ownership remains with the organization even when maintenance is outsourced.

Outsourcing shares risk but does not transfer it.

The data center must maintain involvement in the risk management process.


by Andra at Dec 19, 2025, 02:16 AM

Limited Time Offer

25%

Off

Get Premium CDFOM Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Frank
3 days ago
B) Totally depends on the provider's expertise!
upvoted 0 times
...
Bonita
8 days ago
Wait, so they still have to manage risks even if they outsource?
upvoted 0 times
...
Niesha
13 days ago
I disagree, D) makes more sense. The provider isn't hands-on anymore.
upvoted 0 times
...
Gilma
18 days ago
A) Yes, since risk can be shared, but not fully transferred.
upvoted 0 times
...
Kerry
24 days ago
The data center provider is like a parent letting their kid play with matches - they're still liable!
upvoted 0 times
...
Barrett
29 days ago
This question is a real head-scratcher, like trying to herd cats and manage risks at the same time.
upvoted 0 times
...
Sherell
1 month ago
D) Nah, the provider can't just pass the buck to the maintenance company.
upvoted 0 times
...
Raul
2 months ago
C) I disagree, the provider is still responsible for oversight and risk management.
upvoted 0 times
...
Ronna
2 months ago
B) Hmm, the provider's involvement really depends on the maintenance company's capabilities.
upvoted 0 times
...
Wava
2 months ago
A) Definitely, the data center service provider can't just wash their hands of the risks.
upvoted 0 times
...
Veronika
2 months ago
I lean towards D since the maintenance provider takes on the responsibility, but I wonder if that absolves the data center of all risk.
upvoted 0 times
...
Rana
3 months ago
I practiced a similar question, and I think the answer might be C because the provider isn't directly involved in maintenance.
upvoted 0 times
...
Belen
3 months ago
I'm not entirely sure, but I feel like it really depends on how competent the maintenance provider is, which makes B a possibility.
upvoted 0 times
...
Glynda
3 months ago
I remember discussing how risk can be shared but not fully transferred, so I think A might be correct.
upvoted 0 times
...
Brianne
3 months ago
C seems tempting, but I don't think that's correct. The data center provider is still responsible for the overall risk, even if they aren't directly doing the maintenance work.
upvoted 0 times
...
Kimbery
3 months ago
I'm leaning towards B. The involvement of the data center provider in risk management likely depends on the capabilities and experience of the maintenance service provider they select.
upvoted 0 times
...
Belen
3 months ago
I think the key here is to focus on the concept of risk management. Even if the actual maintenance is outsourced, the data center provider is still accountable for the overall risk, so I'd go with A.
upvoted 0 times
...
Katie
4 months ago
Hmm, I'm a bit confused on this one. I'm not sure if the data center provider is still involved in the risk management process or not. The question seems a bit tricky.
upvoted 0 times
...
Nada
4 months ago
I'm pretty sure the answer is A. Even though the maintenance is outsourced, the data center service provider is still responsible for managing the overall risks.
upvoted 0 times
Rhea
4 months ago
I agree, A makes the most sense. Risk management is crucial.
upvoted 0 times
...
...
Ruthann
4 months ago
A) Yes, since although risk can be shared, it cannot be transferred.
upvoted 0 times
...

Save Cancel