This is a dedicated watch page for a single video.
A risk practitioner has been asked to assist in developing a third-party agreement for a Software as a Service (SaaS) vendor that will store personally identifiable data. Which of the following would BEST enable management to verify the vendor's data security practices over the life of the agreement?