Exin ISMP Exam - Topic 3 Question 20 Discussion

Actual exam question for Exin's ISMP exam

Question #: 20
Topic #: 3

Security monitoring is an important control measure to make sure that the required security level is maintained. In order to realize 24/7 availability of the service, this service is outsourced to a partner in the cloud.

What should be an important control in the contract?

AThe network communication channel is secured by using encryption.

CThe third party is certified for adhering to privacy protection controls.

BThe third party is certified against ISO/IEC 27001.

DYour IT auditor has the right to audit the external party's service management processes.

Show Suggested Answer

Suggested Answer: D

by Leeann at Jan 24, 2026, 08:59 AM

Limited Time Offer

25%

Off

Get Premium ISMP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Kenneth

3 days ago

Penalties for the provider if they fail to meet the agreed-upon security standards.

upvoted 0 times

...

Vallie

8 days ago

Haha, don't forget the "break glass in case of emergency" clause!

upvoted 0 times

...

Hillary

13 days ago

Strict data privacy and security clauses to protect sensitive information.

upvoted 0 times

...

Carmelina

18 days ago

Detailed audit and reporting requirements to ensure compliance.

upvoted 0 times

...

Gaynell

24 days ago

Service level agreement with clear uptime and response time requirements.

upvoted 0 times

...

Vilma

29 days ago

I feel like there should be a clause about regular security audits, but I can't recall if that's standard practice in all contracts.

upvoted 0 times

...

Luisa

1 month ago

We practiced a similar question about cloud service contracts, and I believe data protection clauses are also essential to ensure compliance with regulations.

upvoted 0 times

...

Augustine

2 months ago

I'm not entirely sure, but I remember something about including incident response times in the contract. That seems crucial for security monitoring.

upvoted 0 times

...

Brigette

2 months ago

I think one important control in the contract should be the Service Level Agreement (SLA) that specifies uptime guarantees.

upvoted 0 times

...

Glenn

2 months ago

The big thing for me would be access controls and privileged user management. Gotta make sure only authorized personnel can access the security data.

upvoted 0 times

...

Aliza

2 months ago

I'm a bit unsure on this one. Maybe I'd ask about how the cloud provider will ensure 24/7 availability and redundancy of the security monitoring service.

upvoted 0 times

...

Felicidad

3 months ago

Definitely need to cover data protection and privacy requirements in the contract. Can't outsource security and risk compliance issues.

upvoted 0 times

...

Hoa

3 months ago

Okay, I think I'd look at how the cloud provider will monitor and report on security incidents. Transparency is key.

upvoted 0 times

...

Novella

3 months ago

Hmm, this one's tricky. I'd focus on ensuring the contract has clear SLAs and incident response procedures.

upvoted 0 times

...