T6.2.3 - MANAGING CHANGES TO THIRD PARTY SERVICES Implementation Guidance
The entity shall manage changes to the provision of third party services, including maintaining and improving existing information security policies, procedures and controls.
Back to T6.2.3 - P2 - MANAGING CHANGES TO THIRD PARTY SERVICES
The process of managing changes to a third party service needs to take account of:
A. Changes made by the entity to implement:
- 1- Enhancements to the current services offered
- 2- Development of any new applications and systems
- 3- Modifications or updates of the entity’s policies and procedures
- 4- New controls to resolve information security incidents and to improve security
B. Changes in third party services to implement:
- 1- Changes and enhancement to networks
- 2- Use of new technologies
- 3- Adoption of new products or newer versions/releases
- 4- New development tools and environments
- 5- Changes to physical location of service facilities
- 6- Change of vendors
Back to T6.2.3 - P2 - MANAGING CHANGES TO THIRD PARTY SERVICES
