Compliance issues should be the primary consideration for the ERM committee because using a cloud-based CRM system in a multi-national context may involve different legal and regulatory requirements regarding data privacy, protection, localization, and transfer. The ERM committee should ensure that the company and the cloud service provider comply with the applicable laws and standards of each country where they operate, as well as the industry-specific regulations such as PCI DSS or GDPR. Compliance issues may also affect the security, vendor capability, and ROI of the cloud-based CRM system, as non-compliance may result in fines, penalties, reputational damage, or loss of customers. References:
CGEIT Review Manual 2021, Chapter 2: IT Risk Management, Section 2.3: Risk Response, page 751
CGEIT Review Questions, Answers & Explanations Manual 2021, Question 4, page 162
Cloud Compliance: What It Is + 8 Best Practices for Improving It2
Overcoming Compliance Issues in Cloud Computing | Tripwire3
Submit