An organization has outsourced many application development activities to a third party that uses contract programmers extensively. Which of the following would provide the BEST assurance that the third party's contract programmers comply with the organization's security policies?
A. Require annual signed agreements of adherence to security policies.
B. Include penalties for noncompliance in the contracting agreement.
C. Perform periodic security assessments of the contractors' activities.
D. Conduct periodic vulnerability scans of the application.
A. Require annual signed agreements of adherence to security policies.
B. Include penalties for noncompliance in the contracting agreement.
C. Perform periodic security assessments of the contractors' activities.
D. Conduct periodic vulnerability scans of the application.