SR-1: Policy and Procedures
An OSCAL Control
-
-
personnel or roles
personnel or roles to whom supply chain risk management policy is to be disseminated to is/are defined;
-
personnel or roles
personnel or roles to whom supply chain risk management procedures are disseminated to is/are defined;
-
official
an official to manage the development, documentation, and dissemination of the supply chain risk management policy and procedures is defined;
-
frequency
the frequency at which the current supply chain risk management policy is reviewed and updated is defined;
-
events
events that require the current supply chain risk management policy to be reviewed and updated are defined;
-
frequency
the frequency at which the current supply chain risk management procedure is reviewed and updated is defined;
-
events
events that require the supply chain risk management procedures to be reviewed and updated are defined;