AICM Atlas · CSA AI Controls Matrix
STA · Supply Chain Management, Transparency, and Accountability
STA-11 · Cloud & AI Related

Supply Chain Agreement Review

Specification

Review supply chain agreements at least annually, or upon significant changes.

Threat coverage

Model manipulation
Data poisoning
Sensitive data disclosure
Model theft
Model/Service Failure
Insecure supply chain
Insecure apps/plugins
Denial of Service
Loss of governance

Architectural relevance

Physical infrastructure
Network
Compute
Storage
Application
Data

Lifecycle

Preparation

Data storage, Resource provisioning

Development

Supply Chain

Evaluation

Evaluation, Validation/Red Teaming, Re-evaluation

Deployment

Orchestration, AI Services supply chain

Delivery

Operations, Maintenance, Continuous monitoring

Retirement

Data deletion

Ownership / SSRM

PI

Shared across the supply chain

Shared control ownership refers to responsibilities and activities related to LLM security that are distributed across multiple stakeholders within the AI supply chain, including the Cloud Service Provider (CSP), Model Provider (MP), Orchestrated Service Provider (OSP), Application Provider (AP), and Customer (AIC). These controls require coordinated actions, communication, and governance across all involved parties to ensure their effectiveness.

Model

Shared across the supply chain


Orchestrated

Owned by the Orchestrated Service Provider (OSP)

The Orchestrated Service Provider (OSP) is responsible for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer. The OSP is responsible and accountable for the implementation of the control within its own infrastructure/environment. If the control has downstream implications for users/customers, the OSP is responsible for enabling the customer and/or upstream partner in the implementation/configuration of the control within their risk management approach. The OSP is accountable for ensuring that its upstream providers (e.g., MPs) implement the control as it relates to the service/product developed and offered by the OSP.

This refers to entities that create the technical building blocks and management tools that enable AI implementation. This can include platforms, frameworks, and tools that facilitate the integration, deployment, and management of AI models within enterprise workflows. These providers focus on model orchestration and offer services like API access, automated scaling, prompt management, workflow automation, monitoring, and governance rather than end-user functionality or raw infrastructure. They help businesses implement AI in a structured and efficient manner. Examples: AWS, Azure, GCP, OpenAI, Anthropic, LangChain (for AI workflow orchestration), Anyscale (Ray for distributed AI workloads), Databricks (MLflow), IBM Watson Orchestrate, and developer platforms like Google AI Studio.

Application

Shared Orchestrated Service Provider-Application Provider (Shared OSP-AP)

The OSP and AP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Implementation guidelines

[All Actors]
1. Establish annual review schedules for all supply chain agreements, contracts, and service level agreements with vendors, suppliers, and partners involved in AI system delivery

2. Define review triggers for agreement updates including significant business changes, regulatory updates, security incidents, vendor changes, or technology modifications

3. Evaluate agreement adequacy by assessing whether current contractual terms address evolving security requirements, data protection needs, and operational dependencies

4. Review contractual obligations including security commitments, liability terms, data handling requirements, incident notification procedures, and termination clauses

5. Update agreements based on review findings, incorporating new security requirements, regulatory changes, lessons learned from incidents, and evolving business needs

6. Document review outcomes including identified gaps, required updates, renegotiation priorities, and timelines for agreement modifications

7. Coordinate cross-functional reviews involving legal, security, procurement, and technical teams to ensure comprehensive agreement evaluation.

Auditing guidelines

1. Verify whether the cloud service provider (CSP) reviews key supply chain partners such as model providers, application providers, orchestrated service providers, data and hardware vendors, infrastructure operators, and integrators at least annually or following major changes in services, risk, or regulations.

2. Verify that review outcomes are documented, and that identified risks or gaps are addressed through updated contracts, mitigation actions, or vendor reassessments, with oversight from governance or risk teams.

Standards mappings

ISO 42001 · Partial Gap
42001: A.2.3 Alignment with other organizational policies
42001: A.10.3 Supply Chain
27001: A.5.19 Information security in supplier relationships
27001: A.5.20 Addressing information security within supplier agreements
27001: A.5.22 Monitoring, review and change management of supplier services
27002: 5.20 Addressing information security within supplier agreements
27002: 5.22 Monitoring, review and change management of supplier services
Addendum

The organization should review supply chain agreements related to AI services, data, models, or infrastructure at least annually, or upon significant changes in scope, services, risk profile, or regulatory obligations. Reviews should confirm the continued adequacy of security, privacy, performance, and operational clauses. All reviews should be documented and assigned to responsible personnel.

EU AI Act · Partial Gap
Article 9 (6)
Article 16
Article 17
Article 25
Addendum

Implement a formal process to review AI supplier agreements annually or when major changes occur.

NIST AI 600-1 · Full Gap
No Mapping
Addendum

NIST AI 600-1 doesn't define the review frequency. It only references a review. STA-11 focuses on reviewing agreements between CSP and AIC at least annually.

BSI AIC4 · No Gap
C4 PF-03
C5 SSO-04
Addendum

N/A

AI-CAIQ questions (1)

STA-11.1

Are supply chain agreements reviewed at least annually or upon significant changes?