Certified in the Governance of Enterprise IT (CGEIT) — Question 12
A regional business unit of a major financial institution is considering the use of a Software as a Service (SaaS) cloud vendor to implement a new system. Which of the following should be performed FIRST?
Answer options
- A. Update the outsourcing policy.
- B. Investigate on-premise software solutions.
- C. Develop a business case.
- D. Determine if the cloud vendor has a secure data center.
Correct answer: D
Explanation
The first action should be to confirm that the cloud vendor has a secure data center, as security is paramount when handling sensitive financial data. Updating the outsourcing policy and investigating on-premise solutions or developing a business case can follow, but they are not as critical as ensuring the vendor's security infrastructure.