The organization must maintain a list of partners who have access to confidential information. System vendors and processors of personal data are listed separately from other stakeholders because they play an active role in the processing of data.
The organization has defined the certifications or standards required of key partners. Commonly recognized standards related to cyber security include:
Certifications required from partners can make the organization's own partner management more efficient and provide good evidence that the partner maintains a particular level of security or privacy.
A responsible person has been appointed for the provider companies. This person monitors the provider's activities, communications and compliance with the contract.
The responsible person must have sufficient skills to analyze cyber security requirements depending on the criticality of the provider. The responsible person also ensures that the provider appoints its own responsible person to ensure compliance with the contract and facilitate cooperation.
A designated responsible person actively monitors the supplier's activities and services to ensure compliance with the security terms of the contracts and the proper management of security incidents.
Monitoring includes the following: