Explanation: As regular audits can spot gaps in information security compliance, periodic audits can ensure that outsourced service provider comply with the enterprise’s information security policy.
Incorrect Answers:
A: Penetration testing can identify security vulnerability, but cannot ensure information compliance.
B: Service level monitoring can only identify operational issues in the enterprise’s operational environment. It does not play any role in ensuring that outsourced service provider complies with the enterprise’s information security policy.
C: Training can increase user awareness of the information security policy, but is less effective than periodic auditing.