A company is in the process of outsourcing its customer relationship management system to a cloud provider. It will host the entire organization’s customer database. The database will be accessed by both the company’s users and its customers. The procurement department has asked what security activities must be performed for the deal to proceed. Which of the following are the MOST appropriate security activities to be performed as part of due diligence? (Select TWO).
A . Physical penetration test of the datacenter to ensure there are appropriate controls.
B . Penetration testing of the solution to ensure that the customer data is well protected.
C . Security clauses are implemented into the contract such as the right to audit.
D . Review of the organizations security policies, procedures and relevant hosting certifications.
E . Code review of the solution to ensure that there are no back doors located in the software.
Answer: C, D