The organization must clearly document all the digital services it provides to its customers according to the cloud service model.
The documentation for digital services must include the partners involved in the service supply chain. The partner listing must include supporting services (such as IaaS, such as AWS or MS Azure), other partners included in the main service provider's supply chain (such as outsourced development), and other services that complement the actual service (including IDaaS, CDN).
In the future, supply chain documentation can be used to review a more detailed division of safety responsibilities.
The organization must define procedures for informing the controller of all processors of personal data before processing begins.
The notification shall include the data processed by the processors and the purposes for which they process the data.