An organization plans to contract with an outside service provider to host its corporate web site. The MOST
important concern for the information security manager is to ensure that:
A.
an audit of the service provider uncovers no significant weakness.
B.
the contract includes a nondisclosure agreement (NDA) to protect the organization’s intellectual property.
C.
the contract should mandate that the service provider will comply with security policies.
D.
the third-party service provider conducts regular penetration testing.