CompTIA CASP+ (CAS-004) — Question 491

A CRM company leverages a CSP PaaS service to host and publish its SaaS product. Recently, a large customer requested that all infrastructure components must meet strict regulatory requirements, including configuration management, patch management, and life-cycle management. Which of the following organizations is responsible for ensuring those regulatory requirements are met?

Answer options

• A. The CRM company
• B. The CRM company's customer
• C. The CSP
• D. The regulatory body

Correct answer: C

Explanation

The correct answer is C, as the Cloud Service Provider (CSP) is responsible for maintaining the infrastructure and ensuring it meets regulatory requirements. The CRM company relies on the CSP for compliance, while the customer can request compliance but is not responsible for it. The regulatory body sets the standards but does not ensure compliance directly.