Review supply chain agreements between CSPs and CSCs at least annually.
Reviews should include activities to identify non-conformance with contractual requirements and SLAs for services a CSP provides. If non-conformance issues are identified, the parties involved should negotiate and remediate the problems.
- Determine if a documented review schedule of CSP-CSC supply chain agreements exists on an annual basis and is operating.
- Examine the organization's implementation of its third-party management policy.
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.