Annex A 5.22 - Monitoring, Review and Change Management of Supplier Services

The organisation shall regularly monitor, review, evaluate and manage change in supplier information security practices and service delivery.