Which of the following would provide the BEST evidence that a cloud provider's change management process is effective?
The results of a third-party review provided by the vendor would provide the best evidence that a cloud provider's change management process is effective, because it would be an independent and objective assessment of the vendor's compliance with best practices and standards for managing changes in the cloud environment. A third-party review would also include testing of the vendor's change management controls and procedures, and provide recommendations for improvement if needed.
Minutes from regular change management meetings with the vendor would not provide sufficient evidence, because they would only reflect the vendor's self-reported information and may not capture all the changes that occurred or their impact on the cloud services. Written assurances from the vendor's CEO and CIO would also not provide sufficient evidence, because they would be based on the vendor's own opinion and may not be verified by external sources. A copy of change management policies provided by the vendor would not provide sufficient evidence, because it would only show the vendor's intended approach to change management, but not how it is implemented or monitored in practice.
ISACA Cloud Computing Audit Program, Section 4.5: Change Management
Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives, Section 4.3: Change Management