Question

Which of the following is the BEST way to address any gaps identified during an outsourced provider selection and contract negotiation process?

A. Make the provider accountable for security and compliance
B. Perform continuous gap assessments
C. Include audit rights in the service level agreement (SLA)
D. Implement compensating controls

Correct Answer: A??? or C???? or D????????

______________________

Note

■ Some good websites claim that the correct answer is: A. Make the provider accountable for security and compliance

■ Others good websites claim that the correct answer is: C. Include audit rights in the service level agreement (SLA)

■ Others good websites claim that the correct answer is: D. Implement compensating controls

■ Option D ("Implement compensating controls​​​​​​​") should be "the BEST way to address any gaps identified during an outsourced provider selection and contract negotiation process".

■ At the same time option C ("Include audit rights in the service level agreement (SLA)") could be "the BEST way to address any gaps identified during an outsourced provider selection and contract negotiation process"

■ What is your opinion?

Many thanks!

Answer 1

QUESTION :

Which of the following is the BEST way to address any gaps identified during an outsourced provider selection and contract negotiation process?

Answer : C - Include audit rights in the Service level agreement (SLA)

Explanation : The best way to address any gap during outsourced provider selection and contract negotiation process is "Include audit rights in the service level agreement (SLA)". Outsourced provider selection means company chooses a third party which provides or offer services that are needed by the company. Contract negotiation process means discussion on what to provide, what not to provide before making an agreement by the both parties (company and other party). For these two processes ,it is best way to include audit rights in service level agreement .

Audit rights means to allow accessing information each other. Service level agreement (SLA) is an agreement made between the two parties that states that what services should be provided,In what level services to be provide, providing requirements needed to the company etc... So by including audit rights in SLA makes the both parties clear what they are agreed for.

So to fill that gaps, Including audit rights in SLA is the best way.

Why other options are not correct ?

Option A - This is also not the best way in outsourced provider selection and contract negotiation process because selecting outsourced provider means they should provide all services to us without unfulfillment. So making provider accountable only for security and compliance is not mean that providing all services. So this is not the best way.

Option B - This is also not correct option because by performing continuous gaps assessments as per the situation there is no clarity between the both parties what they have decided or discussed and it leads to disturbance created between them. So this is not the best way.

Option D - This is not correct option because implementing compensation controls means choosing other control or requirements. By this both parties cannot satisfy. So this is not correct answer.

​​​