New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Exin CDFOM Exam - Topic 11 Question 3 Discussion

Actual exam question for Exin's CDFOM exam
Question #: 3
Topic #: 11
[All CDFOM Questions]

The data center service provider has decided that maintenance of the data center facilities infrastructure will be outsourced.

Is it still involved in the risk management process of data center maintenance?

Show Suggested Answer Hide Answer
Suggested Answer: A

EPI's governance and risk management principles clearly state:

When a data center outsources maintenance, operational work can be outsourced, but risk cannot be transferred.

Risk may be shared, mitigated, or reduced through contractual arrangements, but ownership remains with the data center service provider.

The data center operator is still responsible for ensuring compliance, operational continuity, and safety---even if another party performs the maintenance tasks.

Therefore:

The service provider must remain involved in risk evaluation, risk treatment, and ongoing monitoring.

Oversight responsibilities cannot be delegated.

Options C and D are incorrect because outsourcing the activity does not outsource risk accountability.

Option B is irrelevant because risk responsibility does not depend on provider expertise.

Thus, A is correct.

EPI DCFOM-Aligned Reference Concepts (Paraphrased)

Risk ownership remains with the organization even when maintenance is outsourced.

Outsourcing shares risk but does not transfer it.

The data center must maintain involvement in the risk management process.


by Andra at Dec 19, 2025, 02:16 AM

Limited Time Offer

25%

Off

Get Premium CDFOM Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Raul
7 days ago
C) I disagree, the provider is still responsible for oversight and risk management.
upvoted 0 times
...
Ronna
13 days ago
B) Hmm, the provider's involvement really depends on the maintenance company's capabilities.
upvoted 0 times
...
Wava
18 days ago
A) Definitely, the data center service provider can't just wash their hands of the risks.
upvoted 0 times
...
Veronika
23 days ago
I lean towards D since the maintenance provider takes on the responsibility, but I wonder if that absolves the data center of all risk.
upvoted 0 times
...
Rana
28 days ago
I practiced a similar question, and I think the answer might be C because the provider isn't directly involved in maintenance.
upvoted 0 times
...
Belen
1 month ago
I'm not entirely sure, but I feel like it really depends on how competent the maintenance provider is, which makes B a possibility.
upvoted 0 times
...
Glynda
1 month ago
I remember discussing how risk can be shared but not fully transferred, so I think A might be correct.
upvoted 0 times
...
Brianne
1 month ago
C seems tempting, but I don't think that's correct. The data center provider is still responsible for the overall risk, even if they aren't directly doing the maintenance work.
upvoted 0 times
...
Kimbery
2 months ago
I'm leaning towards B. The involvement of the data center provider in risk management likely depends on the capabilities and experience of the maintenance service provider they select.
upvoted 0 times
...
Belen
2 months ago
I think the key here is to focus on the concept of risk management. Even if the actual maintenance is outsourced, the data center provider is still accountable for the overall risk, so I'd go with A.
upvoted 0 times
...
Katie
2 months ago
Hmm, I'm a bit confused on this one. I'm not sure if the data center provider is still involved in the risk management process or not. The question seems a bit tricky.
upvoted 0 times
...
Nada
2 months ago
I'm pretty sure the answer is A. Even though the maintenance is outsourced, the data center service provider is still responsible for managing the overall risks.
upvoted 0 times
Rhea
2 months ago
I agree, A makes the most sense. Risk management is crucial.
upvoted 0 times
...
...
Ruthann
2 months ago
A) Yes, since although risk can be shared, it cannot be transferred.
upvoted 0 times
...

Save Cancel