Develop and maintain an inventory of all supply chain relationships.
Both the CSP and CSC should develop, manage and maintain a comprehensive inventory of all supply chain relationships (i.e., third-party product and service providers) involved in implementing, operating, and securing their respective cloud service implementations. This process should include assembling, tracking, and maintaining key organizational roles, contracts, contacts, and risk-related information about each third party in the supply chain regularly (and when significant changes occur) to facilitate supply chain risk management practices.
- Determine if there is an inventory maintained of all supply chain relationships.
- Establish ownership for maintaining this inventory.
- Examine the inventory's records to establish whether CSP/CSC relationships are maintained in this inventory.
- Determine whether this inventory is subject to review.
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.