RSK-09
Supply Chain Risk Management (SCRM) Plan
Description
Mechanisms exist to develop a plan for Supply Chain Risk Management (SCRM) associated with the development, acquisition, maintenance and disposal of Technology Assets, Applications and/or Services (TAAS), including documenting selected mitigating actions and monitoring performance against those plans.
Control Question
Does the organization develop a plan for Supply Chain Risk Management (SCRM) associated with the development, acquisition, maintenance and disposal of Technology Assets, Applications and/or Services (TAAS), including documenting selected mitigating actions and monitoring performance against those plans?
Control Metadata
Domain: Risk Management
Validation Cadence: Annual
Evidence Request List: E-RSK-02
Framework Mappings
This control maps to the following compliance frameworks:
MAS TRM: 5.3.1
HKIA GL20: 1.1, 1.2, 1.3, 1.4, 1.5, 2.1, 2.2, 2.3
