GV.SC-07:

The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship

Implementation Examples

Ex1:

Adjust assessment formats and frequencies based on the third party's reputation and the criticality of the products or services they provide

Ex2:

Evaluate third parties' evidence of compliance with contractual cybersecurity requirements, such as self-attestations, warranties, certifications, and other artifacts

Ex3:

Monitor critical suppliers to ensure that they are fulfilling their security obligations throughout the supplier relationship lifecycle using a variety of methods and techniques, such as inspections, audits, tests, or other forms of evaluation

Ex4:

Monitor critical suppliers, services, and products for changes to their risk profiles, and reevaluate supplier criticality and risk impact accordingly

Ex5:

Plan for unexpected supplier and supply chain-related interruptions to ensure business continuity

GV.SC-07:

The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship

Implementation Examples

Ex1:

Ex2:

Ex3:

Ex4:

Ex5:

Peaches.Cloud

Quick Links

Contact

Support Our Research