
TPM-13 Vendor Information Security Standard

>Control Description

Organization has documented a Vendor Information Security Standard that defines the responsibilities and governance requirements regarding vendor information security engagements. Contractual agreements that define information security terms and service level agreements are entered into with vendors who process or store Organization data.

Theme

Process

Type

Preventive

Policy/Standard

Vendor Information Security Policy

>Implementation Guidance

1. Ensure there is a documented vendor information security standard which is available on the intranet for employees.
2. Ensure the vendor information security standard defines the responsibilities and governance requirements regarding vendor information security engagements.
3. Ensure appropriate agreements are established with vendors who process or store Organization data.

>Testing Procedure

1. Inspect and validate that there is a documented vendor information security standard which is available on the intranet for employees.
2. Validate that the vendor information security standard defines the responsibilities and governance requirements regarding vendor information security engagements.
3. For a sample vendor, validate that agreements are established.

>Audit Artifacts

E-TPM-07
E-TPM-19

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
