CISM Certified Information Security Manager – Question 1490

An organization utilizes a third party to classify its customers' personally identifiable information (PII). What is the BEST way to hold the third party accountable for data leaks?

A. Include detailed documentation requirements within the formal statement of work.
B. Submit a formal request for proposal (RFP) containing detailed documentation of requirements.
C. Ensure a nondisclosure agreement is signed by both parties' senior management.
D. Require the service provider to sign off on the organization's acceptable use policy.

Correct Answer: A