graphgrc

SCF - TPM-05 - Third-Party Contract Requirements

Mechanisms exist to identify, regularly review and document third-party confidentiality, Non-Disclosure Agreements (NDAs) and other contracts that reflect the organization’s needs to protect systems and data.

Mapped framework controls

GDPR

• Art 28.10
• Art 28.1
• Art 28.2
• Art 28.3
• Art 28.4
• Art 28.5
• Art 28.6
• Art 28.9
• Art 29

ISO 27002

• A.5.19
• A.5.20
• A.5.21
• A.5.31
• A.6.6
• A.8.21
• A.8.30

SOC 2

• CC9.1

Control questions

Does the organization identify, regularly review and document third-party confidentiality, Non-Disclosure Agreements (NDAs) and other contracts that reflect the organization’s needs to protect systems and data?

This site is open source. Improve this page.