CRISC IT Risk Identification • Set 2
CRISC IT Risk Identification Practice Test 2 — 15 questions with explanations. Free, no signup.
A multinational corporation is expanding its cloud infrastructure to include a new SaaS application that stores sensitive customer data. The vendor claims compliance with SOC 2 Type II and ISO 27001. The risk manager must determine if the remaining residual risk after vendor controls is within the company's risk appetite. Which of the following is the MOST critical next step?