Certified in Risk and Information Systems Control (CRISC) — Question 888

An organization has outsourced a critical process involving highly regulated data to a third party with servers located in a foreign country. Who is accountable for the confidentiality of this data?

Answer options

• A. Regional office executive
• B. Data owner
• C. Data custodian
• D. Third-party data custodian

Correct answer: B

Explanation

The Data owner is accountable for the confidentiality of the data, regardless of where it is stored or processed. They are responsible for determining the appropriate levels of protection and ensuring compliance with regulations. The other roles, such as the Data custodian and third-party data custodian, may handle the data but do not have the ultimate accountability for its confidentiality.