🔥 3-day streak
ISC2 CISSP — Certified Information Systems Security Professional115 / 129
Question 115 of 129

A financial services firm signs a contract with a SaaS vendor that processes sensitive customer data. During the security review, the firm's third-party risk manager discovers the SaaS vendor outsources its data hosting and backup operations to a separate cloud subcontractor located in another country. The firm's own regulators hold the firm accountable for protecting customer data end-to-end. What is the MOST effective action to address this supply-chain risk before signing?

Reviewed for accuracy · Report an issueNext question