You are the Information Security Manager of HDA Inc. The organization is considering outsourcing its customer relationship management (CRM) to a third-party service provider, and you are contemplating the initial step. You are the Information Security Manager of HDA Inc. Before outsourcing its customer relationship management (CRM) to a third-party service provider, what is the INITIAL step the organization should take?