A business partner of a factory has remote read-only access to material inventory to forecast future acquisition
orders. An information security manager should PRIMARILY ensure that there is:

A.
an effective control over connectivity and continuity.

B.
a service level agreement (SLA) including code escrow.

C.
a business impact analysis (BIA).

D.
a third-party certification.

Explanation:

The principal risk focus is the connection procedures to maintain continuity in case of any contingency.
Although an information security manager may be interested in the service level agreement (SLA), code escrow is not a concern. A business impact analysis (BIA) refers to contingency planning and not to system access.
Third-party certification does not provide any assurance of controls over connectivity to maintain continuity.