Ensuring that an organization can conduct security reviews within third-party facilities is PRIMARILY enabled by:
A. service level agreements (SLAs)
B. acceptance of the organization-s security policies
C. contractual agreements
D. audit guidelines