The Information Security Manager (ISM) is to manage the information security risk associated with the sharing of sensitive information with third parties by:
- Maintaining a documented plan for managing 3rd-party risk
- Providing third parties with information security requirements, including applicable legal and contractual requirements
- Gaining contractual assurance from third parties that they commit to following information security requirements
- Providing guidance to third parties for compliance, as requested
The ISM is to maintain, at a minimum, a complete list of 3rd parties with whom protected information is shared, including the following information for each 3rd party on the list:
- 3rd-Party Name
- Point of Contact and contact information
- Kinds of information shared
- Date on which the 3rd party was sent requirements
- Date on which contractual assurance was received
Contributed by Citadel Information Group
© Copyright 2017. Citadel Information Group. All Rights Reserved.