When reviewing a service level agreement for an outsourced
computer center an IS auditor should FIRST determine that:
A. the cost proposed for the services is reasonable.
B. security mechanisms are specified in the agreement.
C. the services in the agreement are based on an analysis of
business needs.
D. audit access to the computer center is allowed under the
agreement.
Answer Posted / guest
Answer: C
The first consideration in reviewing the agreement is to
ensure that the business is asking for the most appropriate
services to meet its business requirements. There should be
evidence that they have considered what services are
required, both at present and in the future. The cost is
important (choice A), since the business may be paying for
levels of services that are not required or are not
appropriate, but is not of first importance. Both, audit
access (choice D) and security objectives, rather than
security mechanisms (choice B), are issues to be considered
as part of the review, but are not of first importance.
Is This Answer Correct ? | 5 Yes | 0 No |
Post New Answer View All Answers