graphgrc

SCF - TPM-04.1 - Third-Party Risk Assessments & Approvals

Mechanisms exist to conduct a risk assessment prior to the acquisition or outsourcing of technology-related services.

Mapped framework controls

ISO 27002

• A.5.19

SOC 2

• CC3.4
• CC9.2

Control questions

Does the organization conduct a risk assessment prior to the acquisition or outsourcing of technology-related services?

This site is open source. Improve this page.