🔥 3-day streak
ISACA CISM — Certified Information Security Manager16 / 121
Question 16 of 121

A manufacturing company signs a contract with a large retail customer that includes strict information security clauses requiring encryption of all customer data and 24-hour breach notification. The company stores this data with a third-party cloud provider whose standard service agreement offers only 72-hour breach notification and does not commit to the required encryption controls. What should the information security manager do FIRST?

Reviewed for accuracy · Report an issueNext question