Your company is planning to migrate its customer relationship management (CRM) system to a Software as a Service (SaaS) provider. As a cybersecurity architect, you are tasked with specifying the security requirements for this SaaS service to ensure compliance with industry standards and protect sensitive customer data. The solution must address multi-factor authentication, data encryption at rest and in transit, regular security audits, and a clear incident response plan. Considering these requirements, which of the following approaches BEST ensures the security of the SaaS service? (Choose one.)