What would be the most appropriate directive control in this area?

An organization decided to outsource its human resources function. As part of its process migration, the organization is implementing controls over sensitive employee data.

What would be the most appropriate directive control in this area?
A . Require a Service Organization Controls (SOC) report from the service provider
B . Include a data protection clause in the contract with the service provider.
C . Obtain a nondisclosure agreement from each employee at the service provider who will handle sensitive data.
D . Encrypt the employees ‘ data before transmitting it to the service provider

Answer: B

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments