Which artifact may be required as a data source for a compliance audit in a cloud environment?

In the context of a compliance audit in a cloud environment, change management details serve as a vital artifact. They document the processes and procedures followed when making changes to systems, applications, or environments. This is important for compliance because change management is closely tied to maintaining security and integrity within a cloud infrastructure. Auditors need to ensure that any changes have been made in accordance with established policies and have been properly authorized and documented, thereby preventing unauthorized modifications that could lead to security risks or compliance violations.

On the other hand, customer SLAs, while important for contractual obligations, do not directly address the internal compliance processes. Quarterly revenue projections and annual actual-to-budgeted expense reports are related to financial performance and planning but lack relevance to the specific governance and control measures required for a compliance audit in a cloud-based environment. Change management details specifically highlight how changes affect compliance, making them essential evidence for conducting such audits.