AU-1—Policy And Procedures
>Control Description
Enterprises must designate a specific official to manage the development, documentation, and dissemination of the audit and accountability policy and procedures to include auditing of the supply chain information systems and network. The audit and accountability policy and procedures should appropriately address tracking activities and their availability for various other supply chain activities, such as configuration management. The activities of suppliers, developers, system integrators, external system service providers, and other ICT/OT-related service providers should not be included in such a policy unless those functions are performed within the acquirer’s supply chain information systems and network. Audit and accountability policy and procedures should appropriately address supplier audits as a way to examine the quality of a particular supplier and the risk they present to the enterprise and the enterprise’s supply chain.