Select the one answer below, which best reflects what Information/Data Governance is concerned with.

a. HIPAA regulations.

b. Sarbanes-Oxley regulations.

c. Business objective to improve customer service.

d. All of the above.

e. None of the above.

An organization outsources their customer relationship management system (CRM) to a SaaS cloud provider. This SaaS cloud provider does not allow individual customers to directly assess their operations and instead as an alternative, offers the full, independent assessment results that were completed by a large, well-known auditing firm.

True or False: It would NOT be acceptable for the customer to use these results as a substitute for performing their own assessment.

a. True

b. False

The very first step that a cloud consumer should take when evaluating potential cloud providers would be what?

a. Contact all potential providers and have them answer a series of questions about what they offer.

b. Do Google search and see how the cloud providers are rated on Yelp.

c. Ask a friend who works in IT what cloud provider they would use.

d. Look up the potential providers in the freely-available Cloud Security Alliance STAR registry and review any materials available about their services.

e. None of the above options is correct.