CCI-004472

Defines the frequency of which the supply chain risk management strategy will be reviewed and updated.

Implementation Guidance

Determine if the supply chain risk management strategy is reviewed and updated [PM-30_ODP; the frequency for reviewing and updating the supply chain risk management strategy is defined] or as required to address Organizational changes.

Validation Procedures

Examine: [SELECT FROM: Supply chain risk management strategy; organizational risk management strategy; enterprise risk management documents; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with supply chain risk management responsibilities; organizational personnel with information security responsibilities; organizational personnel with acquisition responsibilities; organizational personnel with enterprise risk management responsibilities].

The controls below (if any) were marked by NIST as being related to CCI-004472.