In order to maintain oversight of a third party service provider, the company is going to implement
a Governance, Risk, and Compliance (GRC) system. This system is promising to provide overall
security posture coverage. Which of the following is the MOST important activity that should be
considered?

A.
Continuous security monitoring

B.
Baseline configuration and host hardening

C.
Service Level Agreement (SLA) monitoring

D.
Security alerting and trending

Explanation: