STA-11: Internal Compliance Testing

Control Statement

Define and implement a process for conducting internal assessments to confirm conformance and effectiveness of standards, policies, procedures, and service level agreement activities at least annually.

Implementation Guidance

The scope of assessments should include STA-related policies and procedures while validating adherence to STA controls and SLA requirements. Applicability includes assessing conformance and effectiveness across the supply chain, including the total cloud service technology stack (as appropriate). Refer to A&A-02.

Auditing Guidance

  1. Examine the process for determining the standards and policy that service level agreements must conform to.
  2. Examine the process to determine contractual, legal, and technical requirements applicable to service level agreements.
  3. Determine if internal assessments are defined, planned, and executed, at least annually.

[Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.