diff --git a/README.md b/README.md
index 5bf3034..522e500 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@ A Terraform Module to configure the Lacework Agentless Scanner.
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 0.12.31 |
+| [terraform](#requirement\_terraform) | >= 1.5 |
| [google](#requirement\_google) | ~> 4.46 |
| [lacework](#requirement\_lacework) | ~> 1.18 |
diff --git a/checks.tf b/checks.tf
new file mode 100644
index 0000000..7beccb9
--- /dev/null
+++ b/checks.tf
@@ -0,0 +1,10 @@
+// ensure that organization_id is not empty, even for project-level integrations
+check "non_empty_organization_id" {
+ // There can be multiple reasons for an empty `organization_id`. One example is that the provider project resides
+ // in a folder. In this case, google_project.selected[0].org_id will be empty whereas google_project.selected[0].folder_id
+ // will be non-empty. We'd need to ask the user to provide the organization_id in such cases.
+ assert {
+ condition = local.organization_id != ""
+ error_message = "No `organization_id` is provided and we failed to derive one. Please provide `organization_id`."
+ }
+}
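Review bot: The `check` block added at line 19 only produces a warning when its assertion fails; Terraform still completes the plan and apply, so an empty `local.organization_id` continues on to the `org_id` arguments changed in the two custom_roles.tf hunks and in the `google_organization_iam_member` hunk of main.tf and fails there with a less specific provider error. If the intent stated in the line 18 comment is to enforce the value, add a `lifecycle { precondition { ... } }` with the same `condition` and `error_message` to each resource that consumes `local.organization_id`, or keep the check as advisory and say so in that comment. The comment on line 21 refers to `google_project.selected[0].org_id`; the reference in this module is the data source, so the comment should read `data.google_project.selected[0].org_id`.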
diff --git a/custom_roles.tf b/custom_roles.tf
index 6e9be41..d45fe30 100644
--- a/custom_roles.tf
+++ b/custom_roles.tf
@@ -26,7 +26,7 @@ resource "google_project_iam_custom_role" "agentless_orchestrate_monitored_proje
resource "google_organization_iam_custom_role" "agentless_orchestrate_monitored_project_resource_group" {
count = var.global && (var.integration_type == "PROJECT") ? 1 : 0
- org_id = var.organization_id
+ org_id = local.organization_id
role_id = replace("${var.prefix}-resource-group-${local.suffix}", "-", "_")
title = "Lacework Agentless Workload Scanning Role for monitored project (Resource Group)"
permissions = [
@@ -44,7 +44,7 @@ resource "google_organization_iam_custom_role" "agentless_orchestrate" {
count = var.global && (var.integration_type == "ORGANIZATION") ? 1 : 0
role_id = replace("${var.prefix}-snapshot-${local.suffix}", "-", "_")
- org_id = var.organization_id
+ org_id = local.organization_id
title = "Lacework Agentless Workload Scanning Role for monitored organization (Organization Snapshots)"
permissions = [
"iam.roles.get",
diff --git a/main.tf b/main.tf
index 66b5830..0e74ef5 100644
--- a/main.tf
+++ b/main.tf
@@ -3,7 +3,7 @@ locals {
final_project_filter_list = length(var.global_module_reference.project_filter_list) > 0 ? var.global_module_reference.project_filter_list : var.project_filter_list
scanning_project_id = length(var.scanning_project_id) > 0 ? var.scanning_project_id : data.google_project.selected[0].project_id
- organization_id = length(var.organization_id) > 0 ? var.organization_id : (data.google_project.selected[0].org_id != null ? data.google_project.selected[0].org_id : "")
+ organization_id = length(var.organization_id) > 0 ? var.organization_id : (length(data.google_project.selected) > 0 && data.google_project.selected[0].org_id != null ? data.google_project.selected[0].org_id : "")
agentless_orchestrate_service_account_email = var.global ? google_service_account.agentless_orchestrate[0].email : (length(var.global_module_reference.agentless_orchestrate_service_account_email) > 0 ? var.global_module_reference.agentless_orchestrate_service_account_email : var.agentless_orchestrate_service_account_email)
agentless_scan_service_account_email = var.global ? google_service_account.agentless_scan[0].email : (length(var.global_module_reference.agentless_scan_service_account_email) > 0 ? var.global_module_reference.agentless_scan_service_account_email : var.agentless_scan_service_account_email)
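Review bot: The new guard on line 56, `length(data.google_project.selected) > 0 && data.google_project.selected[0].org_id != null`, only protects the index if `&&` skips its right operand when the left is false; earlier Terraform releases within the module's `>= 1.5` constraint did not short-circuit `&&`, and on those the `[0]` index would still be evaluated and fail with an invalid-index error whenever the data source has `count = 0`. A form that never indexes the empty list is safe on every version the module accepts, e.g. `organization_id = length(var.organization_id) > 0 ? var.organization_id : try(coalesce(data.google_project.selected[0].org_id), "")`, which yields `""` both when the data source is absent and when its `org_id` is null. The enclosing `locals` block starts and ends outside the hunk.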
@@ -84,8 +84,9 @@ data "lacework_user_profile" "current" {}
data "google_client_config" "default" {}
+// if the scanning project id is not provided, use the project specified in the provider
data "google_project" "selected" {
- count = length(var.scanning_project_id) > 0 ? (length(var.organization_id) > 0 ? 0 : 1) : 1
+ count = length(var.scanning_project_id) > 0 ? 0 : 1
}
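Review bot: The count on line 64 drops the branch that looked up the provider project when `scanning_project_id` is set but `organization_id` is not, so in that combination `local.organization_id` is no longer derived and falls back to `""`, whereas the previous expression derived it from the provider project. If that is intended, the `organization_id` variable description and the README should state that it must be provided whenever `scanning_project_id` is set, and the comment on line 61 could be extended: `// the provider project is also the only source for deriving organization_id; when scanning_project_id is set, organization_id must be provided explicitly`. If it is not intended, the previous nested conditional should be kept.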
resource "google_project_service" "required_apis" {
@@ -253,7 +254,7 @@ resource "google_service_account" "agentless_orchestrate" {
resource "google_organization_iam_member" "agentless_orchestrate" {
count = var.global && (var.integration_type == "ORGANIZATION") ? 1 : 0
- org_id = var.organization_id
+ org_id = local.organization_id
role = google_organization_iam_custom_role.agentless_orchestrate[0].id
member = "serviceAccount:${local.agentless_orchestrate_service_account_email}"
}
diff --git a/versions.tf b/versions.tf
index b145a28..bc659d1 100644
--- a/versions.tf
+++ b/versions.tf
@@ -1,5 +1,5 @@
terraform {
- required_version = ">= 0.12.31"
+ required_version = ">= 1.5"
required_providers {
google = "~> 4.46"