You are an information system auditor of HDA Inc., Your organization wants you to recommend some control practices to evaluate the information security arrangements of third party service provider. What is the most effective method to verify that the service vendor maintains control levels as required by your organization?