To ensure the information security of outsourced IT services, which of the following is the MOST critical due diligence activity? 

Answer options:

A. Review samples of service level reports from the service provider.
B. Assess the level of security awareness of the service provider.
C. Request that the service provider comply with information security policy.
D. Review the security status of the service provider.

C