AICM Atlas · CSA AI Controls Matrix
STA · Supply Chain Management, Transparency, and Accountability
STA-02 · Cloud & AI Related

SSRM Policy and Procedures

Specification

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the application of the Shared Security Responsibility Model (SSRM) within the organization. Review and update the policies and procedures at least annually, or upon significant changes.

Threat coverage

Model manipulation
Data poisoning
Sensitive data disclosure
Model theft
Model/Service Failure
Insecure supply chain
Insecure apps/plugins
Denial of Service
Loss of governance

Architectural relevance

Physical infrastructure
Network
Compute
Storage
Application
Data

Lifecycle

Preparation: Data storage, Team and expertise

Development: Guardrails

Evaluation: Re-evaluation

Deployment: Orchestration, AI Services supply chain, AI applications

Delivery: Operations, Maintenance, Continuous monitoring, Continuous improvement

Retirement: Archiving, Data deletion, Model disposal

Ownership / SSRM

PI

Shared across the supply chain

Shared control ownership refers to responsibilities and activities related to LLM security that are distributed across multiple stakeholders within the AI supply chain, including the Cloud Service Provider (CSP), Model Provider (MP), Orchestrated Service Provider (OSP), Application Provider (AP), and Customer (AIC). These controls require coordinated actions, communication, and governance across all involved parties to ensure their effectiveness.

Model

Owned by the Model Provider (MP)

The model provider (MP) designs, develops, and implements the control as part of their services or products to mitigate security, privacy, or compliance risks associated with the Large Language Model (LLM). Model Providers are entities that develop, train, and distribute foundational and fine-tuned AI models for various applications. They create the underlying AI capabilities that other actors build upon. Model Providers are responsible for model architecture, training methodologies, performance characteristics, and documentation of capabilities and limitations. They operate at the foundation layer of the AI stack and may provide direct API access to their models. Examples: OpenAI (GPT, DALL-E, Whisper), Anthropic (Claude), Google (Gemini), Meta (Llama), as well as any customized model.

Orchestrated

Shared Model Provider-Orchestrated Service Provider (Shared MP-OSP)

The MP and OSP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Application

Shared Application Provider-AI Customer (Shared AP-AIC)

The AP and AIC both share responsibility and accountability for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they offer and consume.

Implementation guidelines

[All Actors]
1. Establish formal approval workflows for SSRM policy changes, ensuring executive and legal stakeholder review.

2. Develop and document a comprehensive Supply Chain Security Risk Management (SSRM) policy that outlines procedures for identifying, assessing, and mitigating risks related to the supply chain.

3. Ensure the SSRM policy aligns with organizational goals and regulatory requirements, providing clear guidance on roles, responsibilities, and risk tolerance.

4. Regularly review and update the SSRM policy to adapt to changes in regulations, industry standards, and emerging threats.

5. Communicate the SSRM policy to all relevant stakeholders, ensuring that they understand their responsibilities in maintaining supply chain security.

6. Implement training programs to ensure employees and third-party vendors are familiar with the SSRM policy and procedures.

Auditing guidelines

1. Verify that the CSP has established and documented policies and procedures in the domain of Supply Chain Management that define organizational and technical measures to protect infrastructure and services against third‑party risks, threats, and vulnerabilities (e.g., hardware vendors, hypervisors, datacenter operators).

2. Ensure that these policies explicitly define and apply the SSRM, clearly demarcating responsibilities between CSP‑managed and customer‑managed security controls.

3. Confirm that the SSRM explicitly addresses infrastructure layers, virtualization security, multi-tenancy isolation, and controls relevant to AI workloads.

4. Inspect whether SSRM policies and procedures are compliant with relevant cloud security standards (e.g., ISO/IEC 27017, CSA CCM) and applicable regulations.

5. Verify that SSRM policies are formally approved by authorized leadership and communicated clearly to customers (e.g., through trust center, contracts, SLA) and internal stakeholders.

6. Confirm consistent SSRM enforcement across all services, with defined and auditable controls for customer onboarding, offboarding, and third‑party integrations.

From CCM:
1. Examine policy for adequacy, approval, communication, currency, and effectiveness.
2. Examine policy and procedures for evidence of review at least annually.

Standards mappings

ISO 42001 · No Gap
42001: A.2.2 AI Policy
42001: A.2.3 Alignment with other organizational policies
42001: A.2.4 Review of AI Policy
42001: A.10.2 Allocating Responsibilities
27001: 5.1 Leadership Commitment
27001: 5.2 Policy
27001: 5.3 Organizational roles, responsibilities and authorities
27001: 7.3 Awareness
27001: 7.4 Communication
27001: 7.5 Documented Information
27001: 9.1 Monitoring, measurement, analysis and evaluation
27001: 9.3 Management Review
27001: A.5.1 Policies for information security
27001: A.5.2 Information security roles and responsibilities
27001: A.5.19 Information security in supplier relationships
27001: A.5.20 Addressing information security within supplier agreements
27001: A.5.22 Monitoring, review and change management of supplier services
27001: A.5.23 Information security for use of cloud services
27001: A.5.37 Documented operating procedures
27001: 5.1 Policies for information security
27002: 5.2 Information security roles and responsibilities
27002: 5.19 Information security in supplier relationships
27002: 5.20 Addressing information security within supplier agreements
27002: 5.22 Monitoring, review and change management of supplier services
27002: 5.23 Information security for use of cloud services
27002: 5.37 Documented operating procedures
Addendum

N/A

EU AI Act · Partial Gap
Article 17 (1) (l)
Annex VII (5.3)
Article 25
Addendum

Define or reference a Shared Security Responsibility Model (SSRM) framework, require formal policy and procedure management (documentation, approval, review), and mandate periodic review cycles and cross-actor communication of those roles.

NIST AI 600-1 · No Gap
GV-4.1-001
GV-4.1-003
GV-6.1-004
Addendum

N/A

BSI AIC4 · No Gap
C4 PC-02
C5 SSO-01
C5 OIS-03
C5 OIS-04
C5 PSS-01
Addendum

N/A

AI-CAIQ questions (2)

STA-02.1

Are policies and procedures established, documented, approved, communicated, applied, evaluated, and maintained for applying the Shared Security Responsibility Model (SSRM) within the organization?

STA-02.2

Are policies and procedures for applying the Shared Security Responsibility Model (SSRM) within the organization reviewed and updated at least annually, or upon significant changes?