Question 3
UnclassifiedIn a multi-level supply chain structure where cloud service provider A relies on other sub cloud services, the provider should ensure that any compliance requirements relevant to the provider are:
Correct answer: A
Explanation
In a multi-level supply chain, compliance obligations must flow down to subcontractors so each party meets the rules that apply to its operations. Because legal and regulatory duties vary by jurisdiction, the provider should pass requirements to sub cloud service providers based on their geographic location, where those obligations arise.
Why each option is right or wrong
A. passed to the sub cloud service providers based on the sub cloud service providers' geographic location.
Under the principle of flow-down obligations in cloud supply chains, the prime provider must impose on each downstream provider the legal and regulatory duties that attach to that downstream entity’s own place of performance. This is necessary because compliance requirements are jurisdiction-specific and may differ by country or region, so the relevant obligations are those triggered by the sub cloud service provider’s geographic location rather than the upstream provider’s location.
B. passed to the sub cloud service providers.
C. treated as confidential information and withheld from all sub cloud service providers.
D. treated as sensitive information and withheld from certain sub cloud service providers.