A business unit within an enterprise has directly contracted with a cloud service provider to process sensitive customer information.

December 11, 2021 by Admin

A business unit within an enterprise has directly contracted with a cloud service provider to process sensitive customer information. The CIO later identifies a serious risk of potential data compromise due to the vendor’s insufficient segregation of environments and lack of strong access controls. The FIRST course of action should be to:

  • immediately suspend sending of data to the cloud service provider.
  • notify internal audit of the risk.
  • discuss the risk with the vendor to determine mitigation actions.
  • inform the business process owner of the risk.

Leave a Reply