A cloud service provider is unable to provide an independent assessment of controls. Which of the following is the BEST way to obtain assurance that the provider can adequately protect the organization’s information?
A. Check references supplied by the provider’s other customers.
B. Invoke the right to audit per the contract.
C. Review the provider’s information security policy.
D. Review the provider’s self-assessment.
A. Check references supplied by the provider’s other customers.
B. Invoke the right to audit per the contract.
C. Review the provider’s information security policy.
D. Review the provider’s self-assessment.