Refer to the information below to answer the question.
A large, multinational organization has decided to outsource a portion of their Information
Technology (IT) organization to a third-party provider’s facility. This provider will be responsible for

the design, development, testing, and support of several critical, customer-based applications used
by the organization.
The organization should ensure that the third party’s physical security controls are in place so that
they

A.
are more rigorous than the original controls.

B.
are able to limit access to sensitive information.

C.
allow access by the organization staff at any time.

D.
cannot be accessed by subcontractors of the third party.