You are a Google Cloud organization administrator. You need to configure organization policies and log sinks on Google Cloud projects that cannot be removed by project users to comply with your company's security policies. The security policies are different for each company department. Each company department has a user with the Project Owner role assigned to their projects. What should you do?
To ensure that organization policies and log sinks are applied in a way that cannot be altered by project users, and to accommodate the different security policies for each department, you should organize projects under folders for each department. Configuring both organization policies and log sinks on the folders ensures centralized control and adherence to security policies. Project owners cannot modify or remove these configurations when they are applied at the folder level.
As per question, the security policies are different for each company department. Hence, organizing each department in folders, Organizational Policies on Folders, and Log Sinks on Folders will work. Project owners cannot modify or remove organization policies applied at the folder or organization level.
RuchiMishra is right.