Are all identified security, contractual, and regulatory requirements for customer access contractually addressed and remediated prior to granting customers access to data, assets, and information systems? Jonathan van Driessen September 04, 2021 15:25 Yes. Related articles Are upgrades or system changes installed during off-peak hours or in a manner that does not impact the customer? Do you conduct application penetration tests of your cloud infrastructure regularly? Do you maintain written disaster recovery procedures / a Disaster Recovery Plan (CRP)? Do you monitor and review access attempts? Comments 0 comments Please sign in to leave a comment.