Security audits should only be performed by external third-party organizations.

Choose the correct answer: