Are all identified security, contractual, and regulatory requirements for customer access contractually addressed and remediated prior to granting customers access to data, assets, and information systems? Jonathan van Driessen September 04, 2021 15:25 Yes. Related articles Do you test the changes in a test environment before putting them in production? Are upgrades or system changes installed during off-peak hours or in a manner that does not impact the customer? Do you conduct network penetration tests of your cloud service infrastructure at least annually? Do you conduct application penetration tests of your cloud infrastructure regularly? Do you maintain written disaster recovery procedures / a Disaster Recovery Plan (CRP)? Comments 0 comments Please sign in to leave a comment.