CISOBot - Your AI CISO Assistant

TPM-05

Third-Party Contract Requirements

Weight: 10/10

Description

Mechanisms exist to require contractual requirements for cybersecurity and data protection requirements with third-parties, reflecting the organization's needs to protect its Technology Assets, Applications, Services and/or Data (TAASD).

Control Question

Does the organization require contractual requirements for cybersecurity and data protection requirements with third-parties, reflecting its needs to protect its Technology Assets, Applications, Services and/or Data (TAASD)?

Control Metadata
Domain:

Third-Party Management

Validation Cadence:

Annual

Evidence Request List:

E-RSK-02 E-TPM-01 E-TPM-03

Framework Mappings

This control maps to the following compliance frameworks:

APRA CPS 230

15, 54(a), 54(b), 54(c), 54(d), 54(e), 54(f), 54(g), 55(a), 55(b), 55(c)

APRA CPS 234

16, 20, 28

MAS TRM

3.4.1, 3.4.2, 3.4.3

HKIA GL20

7.1, 7.2
