When developing a cloud compliance program, what is the PRIMARY reason for a cloud customer

When developing a cloud compliance program, what is the PRIMARY reason for a cloud customer
A . To determine the total cost of the cloud services to be deployed
B . To confirm whether the compensating controls implemented are sufficient for the cloud services
C . To determine how those services will fit within its policies and procedures
D . To confirm which vendor will be selected based on compliance with security requirements

View Answer

Answer: C

Explanation:

When developing a cloud compliance program, the primary reason for a cloud customer to determine how those services will fit within its policies and procedures is to ensure that the cloud services are aligned with the customer’s business objectives, risk appetite, and compliance obligations. Cloud services may have different characteristics, features, and capabilities than traditional on-premises services, and may require different or additional controls to meet the customer’s security and compliance requirements. Therefore, the customer needs to assess how the cloud services will fit within its existing policies and procedures, such as data classification, data protection, access management, incident response, audit, and reporting. The customer also needs to identify any gaps or conflicts between the cloud services and its policies and procedures, and implement appropriate measures to address them. By doing so, the customer can ensure that the cloud services are used in a secure, compliant, and effective manner12.

Reference: ISACA, Certificate of Cloud Auditing Knowledge (CCAK) Study Guide, 2021, p. 19-20.

Cloud Compliance Frameworks: What You Need to Know