An information security manager has recently been notified of potential security risks associated with a third-party service provider. What should be done NEXT to address this concern? 

Answer options:

A. Conduct a risk analysis
B. Escalate to the chief risk officer
C. Conduct a vulnerability analysis
D. Determine compensating controls

A