Certificate of Cloud Auditing Knowledge (CCAK) — Question 33

Which statement about compliance responsibilities and ownership of accountability is correct?

Answer options

• A. Organizations may be able to transfer their accountability for compliance with various regulatory requirements to their CSPs, but they retain the ownership of responsibility.
• B. Organizations may be able to transfer their responsibility for compliance with various regulatory requirements to their CSPs, but they retain the ownership of accountability.
• C. Organizations may transfer their responsibility and accountability for compliance with various regulatory requirements to their CSPs.
• D. Organizations are not able to transfer their responsibility nor accountability for compliance with various regulatory requirements to their CSPs.

Correct answer: B

Explanation

The correct answer is B because organizations can delegate the execution of compliance tasks to their CSPs but must maintain ultimate accountability for regulatory adherence. Options A and D incorrectly suggest that accountability can be transferred, while option C implies complete transfer of both responsibility and accountability, which is not permissible.