An auditor reviews a service level agreement between an organization and its cloud service provider. The SLA contains detailed uptime guarantees but no provisions for data ownership, data destruction procedures, or right to audit. What is the MOST significant omission?

Home › MCQs › CISA › Question #6833

CISA QUESTION #6833

Question 1

Incomplete performance metrics
Lack of data governance and audit rights creates unmanageable risk✔️
Insufficient technical specifications
Limited scope

Correct Answer Explanation

While uptime is important, fundamental issues of data ownership, secure data destruction, and audit rights are critical for risk management and compliance. Without these provisions, the organization cannot verify security controls, ensure data is properly destroyed when the relationship ends, or establish clear ownership rights.

More Options