Clients should ascertain
whether
the prospective CSP is willing to share copies of its current security
and disaster recovery/business continuity (DR/BC) policies.
Enterprises should seek a CSP
whose level of operational security appears to be at least as mature as,
if not more mature than, the enterprise’s level of security.