CISM - Information Security Program - Section 3.10
Manage information security risks associated with external service providers, suppliers and third and fourth parties.
Manage third-party risk and supply chain security by establishing vendor management processes that assess and monitor the security posture of suppliers and service providers. Extend scrutiny to fourth-party risk - the security of the suppliers used by your own suppliers - and include contractual requirements that enforce minimum security standards.
Third-party risk, Vendor management, Supply chain security, Fourth-party risk
Examworthy is not affiliated with or endorsed by ISACA. Original, blueprint-aligned practice material only.