In a multi-level supply chain structure where cloud service provider A relies on other sub cloud services, the provider should ensure that any compliance requirements relevant to the provider are:

In a multi-level supply chain structure where cloud service provider A relies on other sub cloud services, the provider should ensure that any compliance requirements relevant to the provider are:
A . passed to the sub cloud service providers based on the sub cloud service providers’ geographic location.
B . passed to the sub cloud service providers.
C . treated as confidential information and withheld from all sub cloud service providers.
D . treated as sensitive information and withheld from certain sub cloud service providers.

View Answer

Answer: B

Explanation:

In a multi-level supply chain structure, the cloud service provider should ensure that any compliance requirements relevant to the provider are passed to the sub cloud service providers, regardless of their geographic location. This is because the sub cloud service providers may have access to or process the data of the provider’s customers, and thus may affect the compliance status of the provider. The provider should also monitor and verify the compliance of the sub cloud service providers on a regular basis. This is part of the Cloud Control Matrix (CCM) domain COM-01: Regulatory Frameworks, which states that "The organization should identify and comply with applicable regulatory frameworks, contractual obligations, and industry standards."1

Reference: CCAK Study Guide, Chapter 3: Cloud Compliance Program, page 51