Of the following, the BEST response to the absence of a data security breach notification by a service provider is to contractually require that: 

Answer options:

A. security incidents identified by the provider be reported.
B. security related key performance indicators be included in all service level agreements.
C. security incident information be shared only on a need-to-know basis.
D. a registry of all security breaches be maintained by the service provider.

A