• Skip to main content
  • Skip to primary sidebar

Information Security Management ResourceKit

A Public Service of SecureTheVillage

  • Home
  • Return to SecureTheVillage

Third-Party Security Management Basic Requirements

The Information Security Manager (ISM) is to manage the information security risk associated with the sharing of sensitive information with third-parties by

  1. Maintaining a documented plan for managing 3rd-party risk
  2. Providing third-parties with information security requirements, including applicable legal and contractual requirements
  3. Gaining contractual assurance from third-parties that they commit to following information security requirements
  4. Providing guidance to third-parties for compliance, as requested

The ISM is to maintain, at a minimum, a complete list of 3rd-parties with whom protected information is shared with the following information for each 3rd-party on the list:

  • 3rd-Party Name
  • Point of Contact and contact information
  • Kinds of information shared
  • Date on which 3rd-party was sent requirements
  • Date on which contractual assurance was received

 

 

Contributed by Citadel Information Group
© Copyright 2017. Citadel Information Group. All Rights Reserved.

Filed Under: Third-Party Security Management

Primary Sidebar

Resources Areas

  • Cyber Threats
    • Ransomware
    • Online Bank Fraud
  • Information Security Management / Leadership
  • Information Security Policies and Standards
  • Information Security Risk Assessment
  • Information Classification and Control
  • Securing the Human
  • Third-Party Security Management
  • Managing Security of the IT Infrastructure
  • Legal & Related
    • Basic Cyber Laws
    • Payment Card Industry Data Security Standard (PCI DSS)
    • General Data Protection Regulation (GDPR)
    • California Consumer Privacy Act (CCPA)
    • Cybersecurity Maturity Model Certification (CMMC)
  • Getting Cyber-Prepared: Incident Response & Business Continuity
  • Managing Cyber-Risk and Insurance
  • Personal Cybersecurity
  • Cyber Freedom

Copyright © 2023 · SecureTheVillage