🔥 3-day streak
ISC2 CCSP — Certified Cloud Security Professional22 / 124
Question 22 of 124
A financial services firm is completing a vendor risk assessment on a SaaS provider that will process regulated customer data. During the review, the security team discovers the SaaS provider relies on a separate third-party analytics company to enrich data, and that analytics company in turn uses an offshore IaaS provider for compute. The firm's regulator holds it accountable for the full processing chain. Which action best addresses the enterprise risk this arrangement creates?
Reviewed for accuracy · Report an issueNext question