In an organization that relies heavily on cloud-based applications, you, as the Information Security Manager, are approached by a project manager who is keen on introducing a new third-party cloud service. What would be your FIRST step to ensure security compliance?