T6.1.1 - THIRD PARTY SECURITY POLICY Implementation Guidance
The entity shall establish a third party security policy to facilitate the implementation of the associated controls.
Back to T6.1.1 - P4 - THIRD PARTY SECURITY POLICY
The third party security policy facilitates the implementation of the associated controls to safeguard the entity’s information assets when third parties are involved in their operation. The policy can, for example, contain in addition to the required sub-controls:
- A. Third party engagement terms and conditions
- B. Information security requirements
- C. Audit requirements
The third party security policy can be included as part of the general information security policy, in a single policy document, or can be represented by multiple policies reflecting the complex nature of certain entities.
