IPY-01: Interoperability and Portability Policy and Procedures

Info icon.

Control is new to this version of the control set and incorporates the following items from the previous version: GRM-06: Policy, GRM-09: Policy Reviews, IPY-03: Policy & Legal.

Control Statement

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for interoperability and portability including requirements for:

  1. Communications between application interfaces
  2. Information processing interoperability
  3. Application development portability
  4. Information/Data exchange, usage, portability, integrity, and persistence

Review and update the policies and procedures at least annually.

Implementation Guidance

The organization should leverage security testing of interoperability and portability policies and procedures.

Auditing Guidance

  1. Examine policy for adequacy, currency, communication, and effectiveness.
  2. Examine the inventory of documentation that establishes the requirements and communication of this control.
  3. Examine policy and procedures for evidence of review at least annually.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.