How is this a valid answer

sumeetgandhisumeetgandhi CISA, CISM, PMP, AWS SA, AWS SysOps, CISM, ITIL, PRINCE2, MCTS - SharePoint / Office365SingaporePosts: 55Member ■■■□□□□□□□
Need some understanding why the correct answer is correct - I have few more questions which are really difficult to understand. Will be posting them also.

An IS auditor is reviewing request for proposal (RFP) floated by IT department to procure
services from independent service provider. Inclusion of which of the below clause is MOST
important while floating such RFP?

A. Details about Maintenance plan
B. Details about Proof of Concept (POC)
C. References from other customers
D. Details about BCP

The correct answer is: C. References from other customers - How is this a correct answer, shouldn't it be D: Details about BCP - it will contain steps about DR also which is really important.

Explanation for C:
Reference from other customers will help IT department to get idea about performance level of
service provider. Checking references is a means of obtaining an independent verification that the
vendor can perform the services it says it can. Other options are important and needs to be
understood before awarding contracts. However, most important clause will be references from
other customers.
---
With Regards
Sumeet Gandhi
CISM, PMP, AWS Certified Solutions Architect, Office 365, SharePoint Online, SharePoint (2016 / 2013 / 2010 / 2007), MCTS, CSM, ITIL, PRINCE2

Comments

  • UnixGuyUnixGuy SABSA, GCFA, GPEN, CISM, RHCE, Security+, Server+, CCNA Posts: 3,964Mod Mod
    It's just a request for proposal, to get the vendor to present a solution. a BCP is more important when you are planning to implement a solution. If you are only reviewing an RFP, you haven't a got a solution yet to do a BCP
    Goal: MBA, March 2021
  • promethuschowpromethuschow Member Northern VA, NYCPosts: 188Member ■■■■□□□□□□
    In the grand scheme of ISACA it is a valid answer. As UnixGuy pointed out that you are in the process of requesting a RFP, and one of the major aspect of awarding a contract is about the reputation, and actual ability of the organization to perform such tasks outlined in the RFP.  When you are at the review stage, as a COR you can only do that by checking the references, since past performance are often an indicator of the organization's ability to accomplished such tasks.

    Also, when you analyze all the other choices, all of them are part of a solution. Those choices are not indicative of any ability/performance of the organization. Since, you could verify such organization's ability to perform  A, B, and D just by checking any provided reference, thus C is the best answer among them.


  • sumeetgandhisumeetgandhi CISA, CISM, PMP, AWS SA, AWS SysOps, CISM, ITIL, PRINCE2, MCTS - SharePoint / Office365 SingaporePosts: 55Member ■■■□□□□□□□
    Thank you both for the clarification, it makes more sense now. 
    ---
    With Regards
    Sumeet Gandhi
    CISM, PMP, AWS Certified Solutions Architect, Office 365, SharePoint Online, SharePoint (2016 / 2013 / 2010 / 2007), MCTS, CSM, ITIL, PRINCE2
Sign In or Register to comment.