What would be an information security manager’s BEST recommendation upon learning that an existing contract with a third party does not clearly identify requirements for safeguarding the organization’s critical data?
A. Create an addendum to the existing contract.
B. Cancel the outsourcing contract.
C. Transfer the risk to the provider.
D. Initiate an external audit of the provider’s data center.
A. Create an addendum to the existing contract.
B. Cancel the outsourcing contract.
C. Transfer the risk to the provider.
D. Initiate an external audit of the provider’s data center.