Third-Party Cloud Service Provider Security Assessment Criteria | SY0-601 Exam Answer

Security Assessment Criteria for Selecting a Third-Party Cloud Service Provider

Q: When considering a third-party cloud service provider, which of the following criteria would be the BEST to include in the security assessment process? (Choose two.)

Adherence to regulatory complianceData retention policies

Prev Question Next Question

Question

When considering a third-party cloud service provider, which of the following criteria would be the BEST to include in the security assessment process? (Choose two.)

Answers

A. Use of performance analytics

B. Adherence to regulatory compliance

C. Data retention policies

D. Size of the corporation

E. Breadth of applications support.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E.

BC.

When assessing a third-party cloud service provider, it is important to consider various factors that may impact the security of the data that will be hosted in the cloud environment. The two BEST criteria to include in the security assessment process are:

Adherence to Regulatory Compliance: One of the most important factors to consider when selecting a cloud service provider is their adherence to regulatory compliance. The cloud provider must comply with various regulations and standards, such as HIPAA, PCI DSS, GDPR, and others, depending on the nature of the data being hosted. The provider must also provide evidence of compliance with these regulations through audit reports, certifications, and other relevant documentation.
Data Retention Policies: Data retention policies are critical in determining how long data will be stored in the cloud and who will have access to it. The cloud provider must have clear and well-defined data retention policies that align with the organization's data retention policies. This will ensure that data is not retained longer than necessary, reducing the risk of data exposure, and ensuring compliance with regulations.

The other options mentioned are also important factors that may impact the security of the data, but they are not the BEST criteria to include in the security assessment process:

Use of performance analytics: This may be an important consideration for ensuring the availability and reliability of the cloud service, but it does not directly impact the security of the data.
Size of the corporation: The size of the corporation does not necessarily correlate with the security of the cloud service they provide. Both small and large cloud service providers may offer secure services, and vice versa.
Breadth of applications support: This is an important consideration if the organization requires specific applications to be hosted in the cloud, but it is not directly related to the security of the data.

Prev Question Next Question