In a multi-level supply chain structure where cloud service provider A relies on other sub cloud services, the provider should ensure that any compliance requirements relevant to the provider are:

In a multi-level supply chain structure where cloud service provider A relies on other sub cloud services, the provider should ensure that any compliance requirements relevant to the provider are:
A . treated as confidential information and withheld from all sub cloud service providers.
B . treated as sensitive information and withheld from certain sub cloud service providers.
C . passed to the sub cloud service providers.
D . passed to the sub cloud service providers based on the sub cloud service providers’ geographic location.

View Answer

Answer: C

Explanation:

In a multi-level supply chain structure where cloud service provider A relies on other sub cloud service providers, the provider should ensure that any compliance requirements relevant to the provider are passed to the sub cloud service providers. This is because the sub cloud service providers may have access to or process the provider’s data or resources, and therefore need to comply with the same standards and regulations as the provider. Passing the compliance

requirements to the sub cloud service providers can also help the provider to monitor and audit the

sub cloud service providers’ performance and security, and to mitigate any risks or issues that may

arise.

Reference: ISACA, Certificate of Cloud Auditing Knowledge (CCAK) Study Guide, 2021, p. 85-86.

CSA, Cloud Controls Matrix (CCM) v4.0, 2021, p. 7-8