Before engaging outsourced providers, an information security manager should ensure that the organization's data classification requirements:
A. are compatible with the provider's own classification.
B. are communicated to the provider.
C. exceed those of the outsourcer.
D. are stated in the contract.
A. are compatible with the provider's own classification.
B. are communicated to the provider.
C. exceed those of the outsourcer.
D. are stated in the contract.