Enhance your CompTIA CASP+ exam readiness with our comprehensive quizzes. Sharpen your skills with detailed flashcards and multiple choice questions, each with hints and in-depth explanations. Prepare effectively for this challenging exam!



What should the CISO recommend to limit exposure to a vendor's potential insolvency?

  1. Forego the purchase altogether.

  2. Ensure regular software updates.

  3. Include a source code escrow clause in the contract.

  4. Limit vendor interactions.

The correct answer is: Include a source code escrow clause in the contract.

Including a source code escrow clause in the contract is a prudent recommendation to mitigate risks associated with a vendor's potential insolvency. This clause ensures that the source code for critical software or systems is stored in a secure escrow account. In the event that the vendor becomes insolvent or is unable to provide necessary support, the organization can access the source code and maintain or modify the software as needed. This approach not only protects the organization’s investments but also ensures operational continuity, allowing the organization to manage its dependencies with the vendor effectively.

Other options, while they may offer certain benefits or serve different purposes, do not directly address the risk of insolvency in the same way. For example, foregoing the purchase altogether eliminates the risk but may also result in lost opportunities if the vendor's services are crucial. Ensuring regular software updates is important for security and performance but does not mitigate the risk associated with the vendor's financial stability. Limiting vendor interactions might reduce risk exposure, but it can negatively impact the partnership and prevent effective management of services or support that may be essential.

Therefore, the inclusion of a source code escrow clause stands out as the most effective strategy in this scenario.