A retail corporation with widely distributed store locations and IP space must meet PCI requirements relating to vulnerability scanning. The organization plans to outsource this function to a third party to reduce costs. Which of the following should be used to communicate expectations related to the execution of scans?
A. Vulnerability assessment report
B. Lessons learned documentation