The establishment of agreements and procedures facilitates communications among supply chain entities. Early notification of compromises and potential compromises in the supply chain that can potentially adversely affect or have adversely affected university systems or system components is essential for the university to effectively respond to such incidents.


  • This control applies to the university Chief Information Security Officer in consultation with university procurement services.


  • 1

    The Chief Information Security Officer shall coordinate with university procurement services to establish agreements and procedures with entities involved in the supply chain for the system, system component, or system service for the notification of supply chain compromises, or results of assessments or audits.