ExamQuestions.com

Certified Information Security Manager Exam Questions

ISACA


Question 212:

An organization engages a third-party vendor to monitor and support a financial application under scrutiny by regulators. Maintaining strict data integrity and confidentiality for this application is critical to the business. Which of the following controls would MOST effectively manage risk to the organization? 

Answer options:

A. Implementing segregation of duties between systems and data
B. Activating access and data logging
C. Disabling vendor access and only re-enabling when access is needed
D. Implementing periodic access reviews of vendor employees