🔥 3-day streak
ISC2 CCSP — Certified Cloud Security Professional64 / 124
Question 64 of 124

A healthcare analytics company is evaluating a SaaS provider that will process regulated patient PII on the company's behalf. The compliance officer wants independent, standards-based assurance that the provider has implemented specific controls for protecting personally identifiable information as a processor in the public cloud — including restrictions on using PII for the provider's own marketing and commitments to notify the customer of any government data disclosure requests. Which assurance artifact BEST demonstrates that these specific PII-processing controls are in place?

Reviewed for accuracy · Report an issueNext question