graphgrc

SCF - RSK-09.1 - Supply Chain Risk Assessment

Mechanisms exist to periodically assess supply chain risks associated with systems, system components and services.

Mapped framework controls

GDPR

• Art 35.11
• Art 35.1
• Art 35.2
• Art 35.3
• Art 35.6
• Art 35.8
• Art 35.9
• Art 36.3

ISO 27002

• A.8.30

NIST 800-53

• RA-3(1)

SOC 2

• CC3.2
• CC9.2

Control questions

Does the organization periodically assess supply chain risks associated with systems, system components and services?

This site is open source. Improve this page.