Supply Chain Management and Transparency and Accountability (STA)
Level N/A
Provide SSRM Guidance to the CSC detailing information about the SSRM applicability throughout the supply chain.
Supply Chain Management and Transparency and Accountability (STA)
Level N/A
Delineate the shared ownership and applicability of all CSA CCM controls according to the SSRM for the cloud service offering.
Supply Chain Management and Transparency and Accountability (STA)
Level N/A
Review and validate SSRM documentation for all cloud services offerings the organization uses.
Supply Chain Management and Transparency and Accountability (STA)
Level N/A
Implement, operate, and audit or assess the portions of the SSRM which the organization is responsible for.
Supply Chain Management and Transparency and Accountability (STA)
Level N/A
Develop and maintain an inventory of all supply chain relationships.
Supply Chain Management and Transparency and Accountability (STA)
Level N/A
CSPs periodically review risk factors associated with all organizations within their supply chain.
Supply Chain Management and Transparency and Accountability (STA)
Service agreements between CSPs and CSCs (tenants) must incorporate at least the following mutually-agreed upon provisions and/or terms: • Scope, characteristics and location of business relationship and services offered • Information security requirements (including SSRM) • Change management process • Logging and monitoring capability • Incident management and communication procedures • Right to audit and third party assessment • Service termination • Interoperability and portability requirements • Data privacy
Supply Chain Management and Transparency and Accountability (STA)
Level N/A
Review supply chain agreements between CSPs and CSCs at least annually.
Supply Chain Management and Transparency and Accountability (STA)
Level N/A
Define and implement a process for conducting internal assessments to confirm conformance and effectiveness of standards, policies, procedures, and service level agreement activities at least annually.
Supply Chain Management and Transparency and Accountability (STA)
Implement policies requiring all CSPs throughout the supply chain to comply with information security, confidentiality, access control, privacy, audit, personnel policy and service level requirements and standards.
