Which of the following is the MOST effective way for an organization to ensure its third-party service providers are aware of information security requirements and expectations?
A. Providing information security training to third-party personnel
B. Auditing the service delivery of third-party providers
C. Inducting information security clauses within contracts
D. Requiring third parties to sign confidentiality agreements
A. Providing information security training to third-party personnel
B. Auditing the service delivery of third-party providers
C. Inducting information security clauses within contracts
D. Requiring third parties to sign confidentiality agreements