Define and implement a process for conducting security assessments periodically for all organizations within the supply chain.
Assessments should validate alignment with applicable industry standards as well as service and contract requirements.
- Examine the policy related to the security assessments of the supply chain.
- Examine the policy related to identification of risks related to external parties.
- Determine if procedures exist for identification of risks related to external parties
- Evaluate evidence of the conduct of assessments of organizations within the supply chain, periodically as required by the policy.
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.