The BEST way to ensure that an external service provider complies with organizational security
policies is to:
A.
Explicitly include the service provider in the security policies.
B.
Receive acknowledgment in writing stating the provider has read all policies.
C.
Cross-reference to policies in the service level agreement
D.
Perform periodic reviews of the service provider.
Explanation:
Periodic reviews will be the most effective way of obtaining compliance from the external service
provider. References in policies and service level agreements and requesting written
acknowledgement will not be as effective since they will not trigger the detection of
noncompliance.