TPM-12—Approved Service Provider Listing

>Control Description

Organization maintains a list of approved managed service providers and the services they provide to Organization.

Theme

Process

Type

Preventive

Policy/Standard

Vendor Information Security Policy

>Implementation Guidance

1. Ensure there is a documented process for vendor onboarding and termination. 2. Ensure that activities for vendor onboarding and offboarding are logged and maintained appropriately. 3. Ensure that the list of active vendors is reviewed and updated periodically.

>Testing Procedure

1. Inspect and validate that there is a documented process for vendor onboarding and termination. 2. Validate that activities for vendor onboarding and offboarding are logged and maintained appropriately. 3. Validate the list of active vendors and verify that it is reviewed and updated periodically.

>Audit Artifacts

E-TPM-18

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

Ask AI

Configure your API key to use AI features.

>Control Description

Theme

Type

Policy/Standard

>Implementation Guidance

>Testing Procedure

>Audit Artifacts

>Framework Mappings

CIS Controls1

PCI DSS1

BSI C51

Ask AI

CIS Controls
1

PCI DSS
1

BSI C5
1