What aspect of Software as a Service (SaaS) functionality and operations would the cloud customer be responsible for and should be audited?
During an audit, it was identified that a critical application hosted in an off-premises cloud is not part of the organization's disaster recovery plan (DRP). Management stated that it is responsible for ensuring the cloud service provider has a plan that is tested annually. What should be the auditor's NEXT course of action?
From an auditor perspective, which of the following BEST describes shadow IT?
In a multi-level supply chain structure where cloud service provider A relies on other sub cloud services, the provider should ensure that any compliance requirements relevant to the provider are: