The organization must communicate to suppliers their roles and responsibilities in supply chain security. It must also be ensured that suppliers understand their security guidelines and any other security responsibilities under the agreements.
When involving subprocessors in processing personal data related to offered cloud services, the organization ensures that contracts clearly specify the minimum technical and organizational security measures required from subprocessors.
A designated responsible person actively monitors the supplier's activities and services to ensure compliance with the security terms of the contracts and the proper management of security incidents.
Monitoring includes the following: