| Text of Recommendation | The CPSC should develop and implement policies and procedures to periodically review
security packages from external service providers (such as those hosting cloud, shared
services, and third-party systems) to ensure that the risks posed by the external service
provider are within the CPSC’s risk appetite and tolerance. |
|---|---|
| Recommendation Number | 4 |
| Recommendation Status | Open |
| Significant Recommendation | No |
| Recommendation Questioned Costs | $0 |
| Recommendation Funds for Better Use | $0 |
| Submitting OIG | |
|---|---|
| Linked Report |