GV.SC-10:

Cybersecurity supply chain risk management plans include provisions for activities that occur after the conclusion of a partnership or service agreement

Establish processes for terminating critical relationships under both normal and adverse circumstances

Define and implement plans for component end-of-life maintenance support and obsolescence

Verify that supplier access to organization resources is deactivated promptly when it is no longer needed

Verify that assets containing the organization's data are returned or properly disposed of in a timely, controlled, and safe manner

Develop and execute a plan for terminating or transitioning supplier relationships that takes supply chain security risk and resiliency into account

Mitigate risks to data and systems created by supplier termination

Manage data leakage risks associated with supplier termination