TPM-03
Supply Chain Risk Management (SCRM)
Description
Mechanisms exist to: (1) Evaluate security risks and threats associated with Technology Assets, Applications and/or Services (TAAS) supply chains; and (2) Take appropriate remediation actions to minimize the organization's exposure to those risks and threats, as necessary.
Control Question
Does the organization: (1) Evaluate security risks and threats associated with Technology Assets, Applications and/or Services (TAAS) supply chains; and (2) Take appropriate remediation actions to minimize the organization's exposure to those risks and threats, as necessary?
Control Metadata
Domain: Third-Party Management
Validation Cadence: Annual
Evidence Request List: E-RSK-02
Framework Mappings
This control maps to the following compliance frameworks:
APRA CPS234
2228
MAS TRM
3.4.13.4.2
HKIA GL20
7.17.2
