Access to all logs relating to an organisation’s data and services is documented in contractual arrangements with service providers.
Topic
Contractual security requirements with service providers
Applicable to
all
History
Dec 2022
Access to all logs relating to an organisation’s data and services is documented in contractual arrangements with service providers.
Language from existing controls relating to ‘contractual arrangements’ was amended to ‘contractual arrangements with service providers’.
Mar 2022
Access to all logs relating to an organisation’s data and services is documented in contractual arrangements.
Miscellaneous changes were made to rationale and recommendations throughout the publication to clarify content without changing intent. This included a review from the Guidelines for System Hardening chapter through to the Guidelines for Data Transfers chapter.
Jul 2020
Access to all logs relating to an organisation’s information and services are specified in contractual arrangements.
Security control 1573 was introduced to ensure contractual arrangementsspecify that organisations have access to service provider logs relating to their information and services.