Apply, document, implement and manage the SSRM throughout the supply chain for the cloud service offering.
The SSRM must explicitly detail each specific service based on the cloud service model and implementation specifics. Accordingly, each party in the supply chain must document, implement and manage their SSRM responsibilities for their specific service. This includes supporting service providers such as infrastructure as a service (IaaS) providers engaged by primary software as a service (SaaS) CSPs and specialized CSPs (e.g., IDaaS, CASB, DDoS/CDN/DNS services) employed by the CSP and/or the CSC.
- Examine the policy for provisions related to service delivery.
- Evaluate the process for communication of requirements and service levels to vendors and other third parties.
- Determine if a review of effectiveness is in place, especially with respect to contractual requirements.
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.