A health care applications software company has been growing rapidly by acquiring several similar
companies, which are based in other states.
IT is now struggling to provide services for developing, testing and supporting multiple application
teams. For each application, customer support must frequently handle sensitive electronic medical
records data that is subject to Federal compliance. No formal standards or policies have been
established across application teams relative to sensitive data.
With the goal of ITaaS transformation, senior management seeks to establish IT governance.
What would you recommend for a governance model, and why?

A.
Centralized, since security and compliance concerns are relatively homogeneous across the
enterprise

B.
Hybrid, since it is the best approach during rapid growth by acquisition

C.
Federated by application, since it ensures autonomy for each application team and promotes
customer satisfaction

D.
Distributed by geography, since it enables localized control and lock down of sensitive data