Which of the following is the MOST effective way for an organization to ensure its third-party service providers are aware of information security requirements and expectations?
A. Auditing the service delivery of third-party providers
B. Including information security clauses within contracts
C. Providing information security training to third-party personnel
D. Requiring third parties to sign confidentiality agreements
A. Auditing the service delivery of third-party providers
B. Including information security clauses within contracts
C. Providing information security training to third-party personnel
D. Requiring third parties to sign confidentiality agreements