Secure, monitor, maintain, and test utilities services for continual effectiveness at planned intervals.
Examples of utility services include but are not limited to water, power, telecommunications, and internet connectivity. Service reviews should include activities to protect from unauthorized interception or damage and ensure the services are designed with automated failover or other redundancies if planned or unplanned disruptions occur.
- Confirm the existence of the policy and procedures relating to utilities services.
- Confirm that the control effectiveness of utilities services is conducted at periodic intervals.
- Determine if utility services logs are maintained and reviewed periodically.
- Determine if testing of the utilities services is included in the CSP contract with the customer.
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.