Mechanisms exist to control changes to services by suppliers, taking into account the criticality of business information, systems and processes that are in scope by the third-party.
Does the organization control changes to services by suppliers, taking into account the criticality of business information, systems and processes that are in scope by the third-party?