Which of the following would BEST help to ensure compliance with an organization’s information security requirements by an IT service provider?
A . Defining the business recovery plan with the IT service provider
B . Requiring an external security audits of the IT service provider
C . Defining information security requirements with internal IT
D . Requiring regular reporting from the IT service provider
Answer: D