Of the following, who should have PRIMARY responsibility for assessing the security risk associated with an outsourced cloud provider contract?

A. Information security manager
B. Compliance manager
C. Chief information officer
D. Service delivery manager