Supply Chain Service Agreement Compliance
Specification
Implement policies requiring all service providers throughout the supply chain to comply with information security, confidentiality, access control, privacy, audit, personnel policy and service level requirements and standards.
Threat coverage
Architectural relevance
Lifecycle
Data collection, Data curation, Data storage, Resource provisioning
Design, Training, Guardrails
Evaluation, Validation/Red Teaming, Re-evaluation
Orchestration, AI Services supply chain, AI applications
Operations, Maintenance, Continuous monitoring, Continuous improvement
Archiving, Data deletion, Model disposal
Ownership / SSRM
PI
Shared across the supply chain
Shared control ownership refers to responsibilities and activities related to LLM security that are distributed across multiple stakeholders within the AI supply chain, including the Cloud Service Provider (CSP), Model Provider (MP), Orchestrated Service Provider (OSP), Application Provider (AP), and Customer (AIC). These controls require coordinated actions, communication, and governance across all involved parties to ensure their effectiveness.
Model
Owned by the Model Provider (MP)
The model provider (MP) designs, develops, and implements the control as part of their services or products to mitigate security, privacy, or compliance risks associated with the Large Language Model (LLM). Model Providers are entities that develop, train, and distribute foundational and fine-tuned AI models for various applications. They create the underlying AI capabilities that other actors build upon. Model Providers are responsible for model architecture, training methodologies, performance characteristics, and documentation of capabilities and limitations. They operate at the foundation layer of the AI stack and may provide direct API access to their models. Examples: OpenAI (GPT, DALL-E, Whisper), Anthropic(Claude), Google(Gemini), Meta(Llama), as well as any customized model.
Orchestrated
Owned by the Orchestrated Service Provider (OSP)
The Orchestrated Service Provider (OSP) is responsible for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer. The OSP is responsible and accountable for the implementation of the control within its own infrastructure/environment. If the control has downstream implications on the users/customers, the OSP is responsible for enabling the customer and/or upstream partner in the implementation/configuration of the control within their risk management approach. The OSP is accountable for ensuring that its providers upstream (e.g MPs) implement the control as it relates to the service/product the develop and offered by the OSP. This refers to entities that create the technical building blocks and management tools that enable AI implementation. This can include platforms, frameworks, and tools that facilitate the integration, deployment, and management of AI models within enterprise workflows. These providers focus on model orchestration and offer services like API access, automated scaling, prompt management, workflow automation, monitoring, and governance rather than end-user functionality or raw infrastructure. They help businesses implement AI in a structured and efficient manner. Examples: AWS, Azure, GCP, OpenAI, Anthropic, LangChain (for AI workflow orchestration), Anyscale (Ray for distributed AI workloads), Databricks (MLflow), IBM Watson Orchestrate, and developer platforms like Google AI Studio.
Application
Shared Application Provider-AI Customer (Shared AP-AIC)
The AP and AIC both share responsibility and accountability for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they offer and consume.
Implementation guidelines
Auditing guidelines
1. Assess whether the CSP has established a formal policy or framework for integrating security, compliance, and governance requirements into contractual agreements across its supply chain, including subcontractors and technology partners. 2. Verify that these requirements are consistently reflected in executed contracts with third parties. This includes provisions related to data protection, regulatory compliance, service availability, and incident response. 3. Evaluate whether the CSP retains the contractual right to audit or assess its supply chain partners where necessary. This should include the ability to verify compliance with agreed-upon controls and to address risks related to data security, service continuity, and regulatory obligations.
Standards mappings
42001: A.2.2 AI policy 42001: A.2.3 Alignment with other organizational policies 42001 A.2.4 Review of the AI policy 42001: A.10.2 Allocating Responsibilities 42001: A.10.4 Customers 27001: A.5.19 Information security in supplier relationships 27001: A.5.20 Addressing information security within supplier agreements 27001: A.5.21 Managing information security in the information and communication technology (ICT) supply chain 27001: A.5.22 Monitoring review and change management of supplier services 27001: A.5.23 Information security for use of cloud services 27002: 5.19 Information security in supplier relationships 27002: 5.20 Addressing information security within supplier agreements 27002: 5.21 Managing information security in the information and communication technology (ICT) supply chain 27002: 5.22 Monitoring review and change management of supplier services 27002: 5.23 Information security for use of cloud services
Addendum
N/A
Article 16 Article 17 Article 22 Article 23 Article 24 Article 25 Article 26 Article 53 Article 54 Article 55
Addendum
Contractual Clauses in Supplier Agreements, Extend Internal QMS/Risk Programs to Suppliers, Mandate Third-Party Compliance With Standards, Create a Third-Party Governance Policy, Monitor and Enforce Compliance.
GV-6.1-009 GV-6.1-004
Addendum
Include mentions of confidentiality, access control, and audit, Personnel policy and staffing controls, SLRs and enforceable service-level governance.
C4 PC-01 C5 SSO-01
Addendum
N/A
AI-CAIQ questions (1)
Are policies implemented requiring all service providers throughout the supply chain to comply with information security, confidentiality, access control, privacy, audit, personnel policy and service level requirements and standards?