CISOBot - Your AI CISO Assistant

TPM-08

Review of Third-Party Services

Weight: 9/10
Description

Mechanisms exist to monitor, regularly review and assess External Service Providers (ESPs) for compliance with established contractual requirements for cybersecurity and data protection controls.

Control Question

Does the organization monitor, regularly review and audit External Service Providers (ESPs) for compliance with established contractual requirements for cybersecurity and data protection controls?

Control Metadata
Domain: Third-Party Management

Validation Cadence: Semi-Annual

Evidence Request List: E-TPM-03

Framework Mappings

This control maps to the following compliance frameworks:

APRA CPS 230

58(a), 58(b), 58(c)

APRA CPS 234

28

MAS TRM

3.4.3

HKIA GL20

7.17.2
