Valid Managing-Cloud-Security Dumps shared by EduDump.com for Helping Passing Managing-Cloud-Security Exam! EduDump.com now offer the newest Managing-Cloud-Security exam dumps, the EduDump.com Managing-Cloud-Security exam questions have been updated and answers have been corrected get the newest EduDump.com Managing-Cloud-Security dumps with Test Engine here:
An organization is undergoing an ISO 27001 audit that includes a software as a service (SaaS) solution within scope, and the auditor has requested evidence of controls. What evidence should the organization provide the auditor?
Correct Answer: B
When a SaaS solution is included within the scope of an ISO 27001 audit, the organization should provide the cloud provider's compliance attestation as evidence of controls. Managing Cloud guidance explains that in the SaaS model, the provider manages infrastructure, platform, and application-level controls. Because customers do not manage operating systems, firewalls, or physical data centers in SaaS, they cannot supply direct technical evidence for those controls. Instead, third-party audit reports and attestations demonstrate that the provider has implemented appropriate security controls. Firewall rules, OS patch logs, and physical diagrams are not accessible to SaaS customers. Therefore, provider compliance attestation is the correct evidence.