Detailed descriptions of required security measures for subcontractors on contracts related to offered cloud services
Critical
High
Normal
Low
When involving subprocessors in processing personal data related to offered cloud services, the organization ensures that contracts clearly specify the minimum technical and organizational security measures required from subprocessors.
See an example process description from task's page
Connected other frameworks and requirements:
A.11.12: Sub-contracted PII processing
ISO 27018
15.1.3: Information and communication technology supply chain