
TPM-02 Vendor Risk Management

>Control Description

The organization performs a risk assessment to determine which data types may be shared with a managed service provider.

Theme

Process

Type

Preventive

Policy/Standard

Vendor Information Security Policy

>Implementation Guidance

1. Ensure there is a process to conduct vendor security reviews, and that all vendors go through the review before data is shared; maintain records of the review documentation and the assigned risk rating for each vendor.

>Testing Procedure

1. For a sample of service providers, validate that an assessment was conducted and a risk rating was assigned as part of the vendor security review (VSR) process.
2. Validate that the sampled vendors are listed in the vendor management tool.

>Audit Artifacts

E-TPM-04

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
