Certificate of Cloud Auditing Knowledge (CCAK) — Question 40

One of the Cloud Control Matrix’s (CCM’s) control specifications states that “Independent reviews and assessments shall be performed at least annually to ensure that the organization addresses nonconformities of established policies, standards, procedures, and compliance obligations.” Which of the following controls under the Audit Assurance and Compliance domain does this match to?

Answer options

• A. Audit planning
• B. Information system and regulatory mapping
• C. GDPR auditing
• D. Independent audits

Correct answer: D

Explanation

The correct answer, D, 'Independent audits,' directly relates to the requirement for annual independent reviews and assessments. Options A, B, and C do not specifically pertain to the independent reviews and compliance checks outlined in the CCM control specification.