A Service Responsibility Matrix ("SRM") is a document that describes, as between your organization and a service provider, the division of labor and responsibility for a given objective or control.
You should have an SRM for each cloud-based service that you select below in the Practice Validation Details as relevant for this control.
Many service providers publish the SRMs for their services and you can import the service providers' SRM in the Documents portion of the Technology subway stop.
SRMs support the level of inheritance indicated for the control's objective. Inheritance allows you to define when a service provider, such as a cloud service provider, is partially or fully responsible for meeting an objective. For information on using the Inherited function, please watch our Inheritance Overview Video.
- Create the SRM.
- Apply the SRM to an Inventory Item.
- Tag the Inventory Item to controls to have the SRM appear as an option to select from the SRM list when justifying inheritance.
- Go to the control and select the SRM from the available list.
Here is a detailed breakdown of how to complete this within the platform:
Questions? Email firstname.lastname@example.org