Your company is in the process of selecting a cloud service provider to host critical infrastructure. Your management team wants to ensure thorough evaluation of potential vendors to avoid legal, compliance, and operational risks. Which of the following actions exemplifies proper due diligence in this scenario?
Review the company's own internal information security policies.
Select a vendor based on the recommendation of an acquaintance at a partnering organization.
Agree on the pricing and service level agreements.
Review third-party audit reports of the vendors.