Exam AAISM Topic 1 Question 67 Discussion

Actual exam question for ISACA's AAISM exam
Question #: 67
Topic #: 1
An organization is looking to purchase an AI application from a vendor but is concerned about the security of its data. Which of the following is the MOST effective way to address this concern?

Suggested Answer: B Vote an answer

The priority control in AI vendor due diligence is ensuring explicit disclosure of data handling: data flows, purpose limitation, retention/deletion, training vs. inference use, isolation controls, access paths, subcontractors, and storage/transfer boundaries. This disclosure is then tied to contractual commitments and measurable controls. A public policy (Option A) may be incomplete; a pre-procurement external audit (Option C) can be valuable but is not always feasible or targeted to your data use; legal discussions (Option D) are necessary for terms but must be grounded in clear, detailed data-use disclosures to be effective.
References:
AAISM Body of Knowledge: Third-Party AI Risk Management; Data Governance and Usage Controls; Contractual and Technical Safeguards for Vendor AI.
AAISM Study Guide: AI Procurement Due Diligence; Data-Use Transparency (Training vs. Fine-tuning vs.
Inference); Retention, Purpose Limitation, and Cross-Border Controls.

by Jeremy at Nov 14, 2025, 02:38 PM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

Contact Us

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday

Support: Contact now 

日本語 Deutsch 繁体中文 한국어