Security foundations

SCSEC01: How does your governance model address security and compliance requirements for your supply chain workloads?

Security and compliance requirements must be considered for supply chain workloads, a robust governance model with a Cloud Center of Excellence (CCoE) is crucial to meet security and compliance requirements.

SCSEC02: How do you maintain visibility and oversight of your supply chain security posture across multiple environments and regions?

From a supply chain perspective, maintaining compliance with regulatory guidelines and mandates is crucial for companies executing a supply chain. Traditional compliance assessment methods may not be sufficient for the dynamic and agile cloud environment that underpins modern supply chain operations. As such, specific best practices and tools are required to facilitate compliance in the cloud-based supply chain environment. To maintain visibility and oversight of your supply chain security posture across multiple environments and regions, using cloud services for automated compliance monitoring and management is crucial.

Best practices

• SCSEC01-BP01 Establish security and governance functions in your CCoE

• SCSEC01-BP02 Use cloud services to maintain security controls while scaling your supply chain environment

• SCSEC01-BP03 Practice continuous governance

• SCSEC02-BP01 Track cloud resources and enforce compliance with automation

• SCSEC02-BP02 Aggregate findings and metrics to maintain centralized visibility