Certificate of Cloud Auditing Knowledge (CCAK) — Question 243

To ensure that compliance obligations for data residency in the cloud are aligned with an organization’s risk appetite, which of the following activities is MOST important to perform?

Answer options

• A. Manage compliance obligations through a structured risk management process.
• B. Communicate the organization’s risk appetite across cloud service providers.
• C. Perform a cloud vendor assessment every time there is a change to data flows.
• D. Develop risk metrics to show how the organization is meeting the obligations.

Correct answer: A

Explanation

The correct answer is A because a structured risk management process is essential for effectively managing compliance obligations in relation to risk appetite. Options B, C, and D, while important, do not directly address the systematic approach needed to align compliance with risk management.