Certificate of Cloud Auditing Knowledge (CCAK) — Question 259

Which of the following is the PRIMARY component to determine the success or failure of an organization’s cloud compliance program?

Answer options

• A. Mapping who possesses the information and data that should drive the compliance goals
• B. Determining the risk treatment options to be used in the compliance program
• C. Selecting the external frameworks that will be used as reference
• D. Defining the metrics and indicators to monitor the implementation of the compliance program

Correct answer: D

Explanation

The correct answer is D because defining metrics and indicators is essential for monitoring compliance program implementation, ensuring that objectives are met. Options A, B, and C, while important, focus on identifying resources, determining strategies, and selecting frameworks rather than the actual monitoring and evaluation of the program's effectiveness.