tpm-044-third-partyprocessing,storageandservicelocations.md

SCF - TPM-04.4 - Third-Party Processing, Storage and Service Locations

Mechanisms exist to restrict the location of information processing/storage based on business requirements.

Mapped framework controls

GDPR

• Art 26.1
• Art 26.2
• Art 26.3
• Art 28.10
• Art 28.1
• Art 28.2
• Art 28.3
• Art 28.4
• Art 28.5
• Art 28.6
• Art 28.9
• Art 29
• Art 44
• Art 45.1
• Art 45.2
• Art 46.1
• Art 46.2
• Art 46.3
• Art 47.1
• Art 47.2
• Art 48
• Art 49.1
• Art 49.2
• Art 49.6
• Art 6.1
• Art 6.4

ISO 27002

• A.5.21

SOC 2

• CC9.1

Control questions

Does the organization restrict the location of information processing/storage based on business requirements?