Percy's organization is considering entering into a contract with a cloud service provider and wishes to evaluate the security of their services. What technique is he most likely to employ to assess this, as per the given options?

Several cloud service providers do not permit audits initiated by the customer or a third party. They also frequently prohibit vulnerability scans of their production environment to prevent service disruptions. Instead, many provide third-party audit outcomes in the form of a service organization controls (SOC) report or a comparable audit document.