An organization utilizes a third party to classify its customers’ personally identifiable information (PII).
What is the BEST way to hold the third party accountable for data leaks?
A . Include detailed documentation requirements within the formal statement of work.
B . Submit a formal request for proposal (RFP) containing detailed documentation of requirements.
C . Ensure a nondisclosure agreement is signed by both parties’ senior management.
D . Require the service provider to sign off on the organization’s acceptable use policy.
Answer: A