STA-13: Supply Chain Governance Review

CSF v1.1 References:

PF v1.0 References:

Previous Version:

Control Statement

Periodically review the organization's supply chain partners' IT governance policies and procedures.

Implementation Guidance

Reviews should validate alignment with applicable industry standards as well as service and contract requirements.

Auditing Guidance

  1. Examine the policy for review of supply chain partners' governance of IT.
  2. Determine if the right to review is incorporated contractually.
  3. Evaluate whether such a review cycle is operating within the organization.

[Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.