2 votes
An infrastructure team within an energy organization is at the end of a procurement process and has selected a vendor's SaaS platform to deliver services. As part of the legal negotiation, there are a number of outstanding risks, including:

1. There are clauses that confirm a data retention period in line with what is in the energy organization's security policy.
2. The data will be hosted and managed outside of the energy organization's geographical location.

The number of users accessing the system will be small, and no sensitive data will be hosted in the SaaS platform.

Which of the following should the project's security consultant recommend as the NEXT step?

A. Develop a security exemption, as the solution does not meet the security policies of the energy organization.
B. Require a solution owner within the energy organization to accept the identified risks and consequences.
C. Mitigate the risks by asking the vendor to accept the in-country privacy principles and modify the retention period.
D. Review the procurement process to determine the lessons learned in relation to discovering risks toward the end of the process.

User Grg
by
7.9k points

1 Answer

4 votes

Final answer:

Recommend that a solution owner within the energy organization accept the identified risks and consequences for the SaaS platform being outside the organization's geographical area with clear documentation of their decision.

Step-by-step explanation:

The student's question pertains to the next steps an infrastructure team within an energy organization should take concerning outstanding risks identified toward the end of the procurement process for a SaaS platform. Considering that data will be hosted outside the organization's geographical location but no sensitive data will be stored on the platform, and only a small number of users will access it, the security consultant should recommend requiring a solution owner within the organization to accept the identified risks and consequences. This step ensures that responsibility for the decision is clearly documented and understood within the organization. The solution owner's acceptance of the risks underscores the importance of buy-in from stakeholders, which includes understanding and agreeing with the chosen approach to managing such risks.

User Paris Liakos
by
7.9k points