Which of the following methods can be used by a cloud service provider with a cloud customer that does not want to share security and control information?

Which of the following methods can be used by a cloud service provider with a cloud customer that does not want to share security and control information?
A . Nondisclosure agreements (NDAs)
B . Independent auditor report
C . First-party audit
D . Industry certifications

View Answer

Answer: B

Explanation:

An independent auditor report is a method that can be used by a cloud service provider (CSP) with a cloud customer that does not want to share security and control information. An independent auditor report is a document that provides assurance on the CSP’s security and control environment, based on an audit conducted by a qualified third-party auditor. The audit can be based on various standards or frameworks, such as ISO 27001, SOC 2, CSA STAR, etc. The independent auditor report can provide the cloud customer with the necessary information to evaluate the CSP’s security and control posture, without disclosing sensitive or proprietary details. The CSP can also use the independent auditor report to demonstrate compliance with relevant regulations or contractual obligations.

Reference: ISACA, Certificate of Cloud Auditing Knowledge (CCAK) Study Guide, 2021, p. 83-84. ISACA, Cloud Computing Audit Program, 2019, p. 6-7.