Which of the following is the BEST method for management to obtain assurance of compliance with its security policy? 

Answer options:

A. Review security incident logs.
B. Train staff on their compliance responsibilities.
C. Conduct regular independent reviews.
D. Question staff concerning their security duties.

C