CompTIA
CV0-003 · Question #418
CV0-003 Question #418: Real Exam Question with Answer & Explanation
The correct answer is A: Review compliance requirements.. Before migrating regulated pharmaceutical data to the cloud, the organization must first identify what external compliance requirements govern that data to determine what is permissible.
Security
Question
A pharmaceutical company is migrating its systems and infrastructure to the cloud. Due to security restrictions and regulatory policies, the company Chief Executive Officer (CEO) is concerned about moving this information to the cloud. Based on the CEO's concern, which of the following should the company do First?
Options
- AReview compliance requirements.
- BApply defined audit/compliance requirements.
- CReview company security policies.
- DUpdate the security tools to systems and services.
Explanation
Before migrating regulated pharmaceutical data to the cloud, the organization must first identify what external compliance requirements govern that data to determine what is permissible.
Common mistakes.
- B. Applying audit and compliance requirements presupposes that you already know what those requirements are, making this a second step that cannot happen before the initial review.
- C. Reviewing internal company security policies is important but insufficient on its own, because internal policies may not capture all external regulatory obligations that apply to pharmaceutical data in the cloud.
- D. Updating security tools is a technical implementation step that can only be scoped and executed after the applicable compliance requirements have been identified and understood.
Concept tested. Compliance requirements review before cloud migration
Reference. https://csrc.nist.gov/publications/detail/sp/500-322/final
Topics
#compliance#regulatory requirements#PII#cloud migration planning
Community Discussion
No community discussion yet for this question.