Common use of Scope of Risk Clause in Contracts

Scope of Risk. The Posture Management module requires read-only access to the connected IaaS or SaaS service. It is the responsibility of the customer to follow the documentation to create the correct permission sets and/or IAM access to the 3rd party service.

• The remediation assistant uses an Open-AI based LLM and custom ChatGPT interface. It is trained based on the 3rd party service provider documentation and answers based on available data and assumes accuracy of said documentation. The assistant is programmed with specific instructions such that it will only provide answers for the specific control within the session and must ignore questions not connected with the control.

• An option exists to mitigate a control that has been marked as non-compliant, for example if a non-connected 3rd party solution is in place (e.g. MFA) or the customer has accepted the risk. When the SPM user marks a control with a “Mitigated” state it is possible to activate a toggle that disables the control from future scans. If this is selected it is the responsibility of the user to ensure the mitigation solution is operational and this setting reversed should the mitigation be removed.

Appears in 2 contracts

Sources: Data Processing Agreement, Master Services Agreement