CompTIA CASP+ Practice Test

What is the most appropriate action when a consulting firm has subcontracted some security functions?

• A. Request a meeting with the sub-contractor to discuss security measures.
• B. Ensure the consulting firm has service agreements with the subcontractor.
• C. Terminate the contract with the consulting firm immediately.
• D. Assess the subcontractor's ability to deliver services effectively.

The correct answer is: Ensure the consulting firm has service agreements with the subcontractor.

When a consulting firm has subcontracted some security functions, ensuring that the consulting firm has service agreements with the subcontractor is a vital action. These agreements establish a formal understanding of the obligations, responsibilities, and expectations regarding security functions performed by the subcontractor. Service agreements typically address critical components such as compliance with security standards, data protection protocols, incident response procedures, and the handling of sensitive information. This step is crucial to maintain accountability and ensure that all parties involved adhere to a consistent level of security practices. By having these agreements in place, the consulting firm can better manage risks associated with subcontracting, such as potential vulnerabilities introduced by third parties or lapses in security protocols. This doesn't eliminate the need for further assessments or conversations with the subcontractor regarding security measures; rather, it creates a foundational framework within which all security-related activities can be coordinated and monitored, ensuring that the subcontractor aligns with the broader security requirements set forth by the consulting firm and its clients.