I received a document (see link) this morning, and it got me thinking about how a holistic maturity model is needed for vendor audits/assessments as there are so many different types of guides/frameworks/certs (i.e. PCI/COBIT/SAS 70/FISMA/HITRUST/BITS/ISO). Would something like a CMM/GARP maturity model work?
http://www.ncontrol-llc.com/ISF_Cloud_Computing_Executive_Summar_Public_version_170311.pdf
No comments:
Post a Comment