An IS auditor performing a review of a newly purchased software program notes that an escrow agreement has been executed for acquiring the source code.
What is MOST important for the IS auditor to verify?
An IS auditor performing a review of a newly purchased software program notes that an escrow agreement has been executed for acquiring the source code.
What is MOST important for the IS auditor to verify?
An IS auditor should verify that the source code is being held by an independent third party to ensure the security and availability of the crucial software component in case the vendor goes out of business or fails to support the software. This is the most important aspect to confirm because it directly relates to the reliability and continuity of accessing the source code when needed.
not A?
Answer is A
Verifying that the source code is held by an independent third party is crucial because the escrow agreement is a risk management mechanism. In the event that the software vendor goes out of business or is unable to support the software, having the source code held by a third party ensures that the organization can access and maintain the software. This helps to mitigate the risk of losing critical functionality or support in the future. While the other options may also be important, ensuring the independence and reliability of the third party holding the source code is particularly critical for the long-term viability and supportability of the software.
under escrow agreement, the source code can be stored at the client organization, and not to be touch outside the condition of the escrow. Having outdate source code, would not be very helpful in case the vendor cannot provide anymore support.
D. The source code is being updated for each change.
A. The source code is being held by an independent third party.