How is this a valid answer
sumeetgandhi
Member Posts: 60 ■■■□□□□□□□
in CISM
Need some understanding of why the correct answer is correct - I have a few more questions which are really difficult to understand. Will be posting them also.
An IS auditor is reviewing request for proposal (RFP) floated by IT department to procure
services from independent service provider. Inclusion of which of the below clause is MOST
important while floating such RFP?
A. Details about Maintenance plan
B. Details about Proof of Concept (POC)
C. References from other customers
D. Details about BCP
The correct answer is: C. References from other customers - How is this a correct answer, shouldn't it be Details about BCP - it will contain steps about DR also which is really important.
Explanation for C:
Reference from other customers will help IT department to get idea about performance level of
service provider. Checking references is a means of obtaining an independent verification that the
vendor can perform the services it says it can. Other options are important and need to be
understood before awarding contracts. However, most important clause will be references from
other customers.
---
With Regards
Sumeet Gandhi
CISA, CISM, PMP, PMI-ACP, AWS Certified Solutions Architect, Office 365, SharePoint Online, SharePoint (2016 / 2013 / 2010 / 2007), MCTS, CSM, ITIL, PRINCE2
Comments
-
UnixGuy Mod Posts: 4,570 Mod
It's just a request for proposal, to get the vendor to present a solution. A BCP is more important when you are planning to implement a solution. If you are only reviewing an RFP, you haven't got a solution yet to do a BCP.
-
COBOL_DOS_ERA Member Posts: 205 ■■■■■□□□□□
In the grand scheme of ISACA it is a valid answer. As UnixGuy pointed out, you are in the process of requesting an RFP, and one of the major aspects of awarding a contract is the reputation and actual ability of the organization to perform the tasks outlined in the RFP. When you are at the review stage, as a COR you can only do that by checking the references, since past performance is often an indicator of the organization's ability to accomplish such tasks.
Also, when you analyze all the other choices, all of them are part of a solution. Those choices are not indicative of any ability/performance of the organization. Since, you could verify such organization's ability to perform A, B, and D just by checking any provided reference, thus C is the best answer among them.
CISM, CRISC, CGEIT, PMP, PMI-ACP, SEC+, ITIL V3, A-CSM. And Many More.
-
sumeetgandhi Member Posts: 60 ■■■□□□□□□□
Thank you both for the clarification, it makes more sense now.
---
With Regards
Sumeet Gandhi
CISA, CISM, PMP, PMI-ACP, AWS Certified Solutions Architect, Office 365, SharePoint Online, SharePoint (2016 / 2013 / 2010 / 2007), MCTS, CSM, ITIL, PRINCE2