An outsourced vendor handles an organization's business-critical data. Which of the following is the MOST effective way for the client organization to obtain assurance of the vendor's security practices?
A. Verifying security certifications held by the vendor
B. Reviewing the vendor's security audit reports
C. Requiring periodic independent third-party reviews
D. Requiring business continuity plans (BCPs) from the vendor
A. Verifying security certifications held by the vendor
B. Reviewing the vendor's security audit reports
C. Requiring periodic independent third-party reviews
D. Requiring business continuity plans (BCPs) from the vendor