When an organization and its IT-hosting service provider are establishing a contract with each other, it is MOST important that the contract includes:
A. details of expected security metrics.
B. each party’s security responsibilities.
C. penalties for noncompliance with security policy.
D. recovery time objectives (RTOs).