An organization has outsourced an application to a Software as a Service (SaaS) provider. The risk associated with the use of this service should be owned by the:

A. service provider’s IT manager
B. service provider’s risk manager
C. organization’s business process manager
D. organization’s vendor manager