An organization has contracted with a third-party e-commerce provider. Which of the following is MOST important for the information security manager to examine during the subsequent compliance review period? 

Answer options:

A. Changes to the provider`s controls and infrastructure
B. Financial provisions and maintenance expenses
C. Adherence to the service level agreement
D. Right-to-audit provisions in the contract

A