A cloud service provider is unable to provide an independent assessment of controls. Which of the following is the BEST way to obtain assurance that the provider can adequately protect the organization’s information?
A. Invoke the right to audit per the contract
B. Review the provider’s information security policy
C. Check references supplied by the provider’s other customers
D. Review the provider’s self-assessment
A. Invoke the right to audit per the contract
B. Review the provider’s information security policy
C. Check references supplied by the provider’s other customers
D. Review the provider’s self-assessment