CompTIA SecurityX (CAS-005) — Question 6

A CRM company leverages a CSP PaaS service to host and publish Its SaaS product. Recently, a large customer requested that all infrastructure components must meet strict regulatory requirements, including configuration management, patch management, and life-cycle management. Which of the following organizations is responsible for ensuring those regulatory requirements are met?

Answer options

• A. The CRM company
• B. The CRM company's customer
• C. The CSP
• D. The regulatory body

Correct answer: A

Explanation

The CRM company is responsible for meeting the regulatory requirements as they own the SaaS product and its associated infrastructure. While the CSP provides the platform, the ultimate responsibility for compliance lies with the CRM company, not the customer or the regulatory body.