Back

Include the appropriate aspects of the Quality Management program in the Service Level Agreement.


CONTROL ID
00845
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Detective

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a Service Level Agreement framework., CC ID: 00839

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The results of subcontracted/consigned operations/services must be assessed and analyzed. This is a control item that constitutes a relatively small risk to financial information. This is an IT general control. (App 2-1 Item Number VI.5.4(7), Appendix 1 Correspondence of the System Management Standards - Supplementary Edition to other standards)
  • In service level agreements, their process documentation or comparable documentation, the cloud provider provides comprehensible and transparent specifications regarding available and valid certifications and certificates of independent third parties, which allow an expert third party to assess the … (Section 4 UP-04 Basic requirement ¶ 1, Cloud Computing Compliance Controls Catalogue (C5))
  • At planned intervals, the risks to service availability shall be assessed and documented. The organization shall determine the service availability requirements and targets. The agreed requirements shall take into consideration relevant business requirements, service requirements, SLAs and risks. (§ 8.7.1 ¶ 1, ISO/IEC 20000-1:2018, Information technology — Service management —Part 1: Service management system requirements, Third Edition)