Exam CCAK topic 1 question 116 discussion

p. 49 CCAK Study Guide - In the cloud, responsibility for some actions (e.g., implementation of security controls) can be transferred to the CSP; however, the cloud customer is ultimately accountable.

The correct statement is: **B. Organizations may be able to transfer their responsibility for compliance with various regulatory requirements to their CSPs, but they retain the ownership of accountability.** In the context of cloud services, while organizations can delegate certain compliance responsibilities to their cloud service providers (CSPs), such as managing the security of the cloud infrastructure, the ultimate accountability for compliance with regulatory requirements remains with the organizations themselves. This means that even though CSPs may handle specific tasks or controls, the organization is ultimately accountable for ensuring that all compliance requirements are met.

CCAK P# 65 With the introduction of the cloud, customers transfer to CSPs not only some IT stacks, but also some responsibility for policies, standards, business requirements, and legal and regulatory requirements. Although security is a shared responsibility between the cloud service provider and the organization, with responsibilities distributed across the stack, compliance accountability remains with the customer.

"Shared responsibility model - The compliance responsibility between cloud customer and the cloud service provider based on the degree of control each party has over the architecture stack" p. 408 (glossary) CCAK study guide