Content library
CyberFundamentals (Belgium)
PR.AT-3: Third-party stakeholders (e.g., suppliers, customers, partners) understand their roles and responsibilities.

How to fill the requirement

CyberFundamentals (Belgium)

PR.AT-3: Third-party stakeholders (e.g., suppliers, customers, partners) understand their roles and responsibilities.

Task name
Priority
Status
Theme
Policy
Other requirements
Communicating responsibilities to suppliers
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Partner management
Agreements and monitoring
requirements

Task is fulfilling also these other security requirements

PR.AT-3: Third-party stakeholders
NIST
1.2.4: Definition of responsibilities with service providers
TISAX
ID.BE-1: The organization’s role in the supply chain is identified and communicated.
CyFun
PR.AT-3: Third-party stakeholders (e.g., suppliers, customers, partners) understand their roles and responsibilities.
CyFun
1. Task description

The organization must communicate to suppliers their roles and responsibilities in supply chain security. It must also be ensured that suppliers understand their security guidelines and any other security responsibilities under the agreements.

Detailed descriptions of required security measures for subcontractors on contracts related to offered cloud services
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Partner management
Agreements and monitoring
requirements

Task is fulfilling also these other security requirements

A.11.12: Sub-contracted PII processing
ISO 27018
15.1.3: Information and communication technology supply chain
ISO 27017
PR.AT-3: Third-party stakeholders (e.g., suppliers, customers, partners) understand their roles and responsibilities.
CyFun
1. Task description

When involving subprocessors in processing personal data related to offered cloud services, the organization ensures that contracts clearly specify the minimum technical and organizational security measures required from subprocessors.

Monitoring suppliers' compliance with security requirements
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Partner management
Agreements and monitoring
requirements

Task is fulfilling also these other security requirements

32. Security of processing
GDPR
15.1.1: Information security policy for supplier relationships
ISO27 Full
15.2.1: Monitoring and review of supplier services
ISO27 Full
ID.GV-2: Cybersecurity role coordination
NIST
ID.SC-1: Cyber supply chain
NIST
1. Task description

A designated responsible person actively monitors the supplier's activities and services to ensure compliance with the security terms of the contracts and the proper management of security incidents.

Monitoring includes the following:

  • monitoring the promised service level
  • reviewing supplier reports and arranging follow-up meetings
  • regular organization of independent audits
  • follow-up of problems identified in audits
  • more detailed investigation of security incidents and review of related documentation
  • review of the supplier's future plans (related to maintaining the service level)
No items found.