graphgrc

SCF - TPM-08 - Review of Third-Party Services

Mechanisms exist to monitor, regularly review and audit External Service Providers (ESPs) for compliance with established contractual requirements for cybersecurity & data privacy controls.

Mapped framework controls

ISO 27002

• A.5.19
• A.5.20
• A.5.22
• A.8.21

NIST 800-53

• SR-6

SOC 2

• CC3.4
• CC9.1

Control questions

Does the organization monitor, regularly review and audit External Service Providers (ESPs) for compliance with established contractual requirements for cybersecurity & data privacy controls?

This site is open source. Improve this page.