Isaca CRISC Exam - Topic 11 Question 113 Discussion

Actual exam question for Isaca's CRISC exam

Question #: 113
Topic #: 11

An organization is planning to move its application infrastructure from on-premises to the cloud. Which of the following is the BEST course of the actin to address the risk associated with data transfer if the relationship is terminated with the vendor?

AMeet with the business leaders to ensure the classification of their transferred data is in place

BEnsure the language in the contract explicitly states who is accountable for each step of the data transfer process

CCollect requirements for the environment to ensure the infrastructure as a service (IaaS) is configured appropriately.

DWork closely with the information security officer to ensure the company has the proper security controls in place.

Show Suggested Answer

Suggested Answer: B

The best course of action to address the risk associated with data transfer if the relationship is terminated with the vendor is to ensure the language in the contract explicitly states who is accountable for each step of the data transfer process. This can help to avoid ambiguity, confusion, or disputes over the ownership, responsibility, and liability of the data and the data transfer process. Meeting with the business leaders, collecting requirements, and working with the information security officer are important activities, but they are not as effective as ensuring the contractual agreement is clear and enforceable.Reference:=ISACA Certified in Risk and Information Systems Control (CRISC) Certification Exam Question and Answers, question 4; CRISC Review Manual, 6th Edition, page 153.

by Kathryn at May 16, 2026, 03:30 AM

Limited Time Offer

25%

Off

Get Premium CRISC Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Wilburn

16 days ago

I think option B might be the best choice since having clear accountability in the contract could really help if things go wrong.

upvoted 0 times

...