STA-09: Third Party Audits

CSF v1.1 References:

PF v1.0 References:

Warning icon.

Control is withdrawn in the next version of this control set and incorporated into: STA-12: Supply Chain Service Agreement Compliance.

Control Statement

Third-party service providers shall demonstrate compliance with information security and confidentiality, access control, service definitions, and delivery level agreements included in third-party contracts. Third-party reports, records, and services shall undergo audit and review at least annually to govern and maintain compliance with the service delivery agreements.

[ Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.