The organization should actively maintain contacts with cloud-related stakeholders and other relevant parties related to the organization's operations.
The organization has defined policies that regularly collect up-to-date and reliable information about malware. Such can be e.g. mailing lists, magazines, blogs from security software vendors, or security news sites.
The purpose of the data sources is to verify the information on malware, to distinguish the scams from real malware and to ensure that the warnings received are truthful and informative.
The organization shall actively maintain contacts with stakeholders relevant to the organization's operations and other relevant actors related to the organization's operations and security.
The goal is especially to: