
1. Overview

Third-party (Standard) Contract Management

| Summary | Standard |
| --- | --- |
| Termination Rights and Conditions | Define explicit termination rights including significant breaches of laws, regulations, or contract terms, material changes in third-party risks, demonstrated ICT weaknesses, and regulator oversight constraints. Set provisions for ensuring access, recovery, and return of data in an easily accessible format in cases of termination, insolvency, resolution, or discontinuation of the service provider's business operations. |
| Service Level Management | Define clear and measurable service level descriptions outlining expected performance and quality standards. Ensure that the service provider provides a comprehensive description of all functions and ICT services that are offered, including any sub-contracting arrangements. Establish arrangements ensuring appropriate levels of data protection in line with regulatory requirements. |
| Service Locations and Data Processing | Specify service locations and data processing sites. Require timely notification of any intended changes to these locations. |
| Cooperation in Incident Response | Oblige the ICT third-party service provider to fully cooperate with the regulator and provide necessary assistance in the event of an incident related to the provided service. |
| Participation in Security Awareness Programs | Specify conditions for the participation of the service provider in security awareness and resilience programs/trainings. |

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source Requirement

3. Related Regulations

Regulations
Source Regulation