Isaca CRISC Question Answer
An organization has outsourced its backup and recovery procedures to a cloud service provider. The provider's controls are inadequate for the organization's level of risk tolerance. As a result, the organization has internally implemented additional backup and recovery controls. Which risk response has been adopted?