CV0-003 · Question #418
A pharmaceutical company is migrating its systems and infrastructure to the cloud. Due to security restrictions and regulatory policies, the company Chief Executive Officer (CEO) is concerned about mo
The correct answer is A. Review compliance requirements.. Before migrating regulated pharmaceutical data to the cloud, the organization must first identify what external compliance requirements govern that data to determine what is permissible.
Question
A pharmaceutical company is migrating its systems and infrastructure to the cloud. Due to security restrictions and regulatory policies, the company Chief Executive Officer (CEO) is concerned about moving this information to the cloud. Based on the CEO's concern, which of the following should the company do First?
Options
- AReview compliance requirements.
- BApply defined audit/compliance requirements.
- CReview company security policies.
- DUpdate the security tools to systems and services.
How the community answered
(50 responses)- A94% (47)
- C2% (1)
- D4% (2)
Why each option
Before migrating regulated pharmaceutical data to the cloud, the organization must first identify what external compliance requirements govern that data to determine what is permissible.
Reviewing compliance requirements first establishes the regulatory framework - such as HIPAA, FDA 21 CFR Part 11, or GxP guidelines - that governs how pharmaceutical data must be stored, processed, and protected. This step defines the constraints and conditions under which a cloud migration may legally proceed, and it must precede all technical or policy decisions.
Applying audit and compliance requirements presupposes that you already know what those requirements are, making this a second step that cannot happen before the initial review.
Reviewing internal company security policies is important but insufficient on its own, because internal policies may not capture all external regulatory obligations that apply to pharmaceutical data in the cloud.
Updating security tools is a technical implementation step that can only be scoped and executed after the applicable compliance requirements have been identified and understood.
Concept tested: Compliance requirements review before cloud migration
Source: https://csrc.nist.gov/publications/detail/sp/500-322/final
Topics
Community Discussion
No community discussion yet for this question.