TPM-02
Third-Party Criticality Assessments
Description
Mechanisms exist to identify, prioritize and assess suppliers and partners of critical Technology Assets, Applications and/or Services (TAAS) using a supply chain risk assessment process relative to their importance in supporting the delivery of high-value services.
Control Question
Does the organization identify, prioritize and assess suppliers and partners of critical Technology Assets, Applications and/or Services (TAAS) using a supply chain risk assessment process relative to their importance in supporting the delivery of high-value services?
Control Metadata
Domain:
Third-Party Management
Validation Cadence:
Annual
Evidence Request List:
E-TPM-02