>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

Article 28.6Article 28.6

>Control Description

In exercising access, inspection and audit rights over the ICT third-party service provider, financial entities shall, on the basis of a risk-based approach, pre-determine the frequency of audits and inspections as well as the areas to be audited through adhering to commonly accepted audit standards in line with any supervisory instruction on the use and incorporation of such audit standards. Where contractual arrangements concluded with ICT third-party service providers on the use of ICT services entail high technical complexity, the financial entity shall verify that auditors, whether internal or external, or a pool of auditors, possess appropriate skills and knowledge to effectively perform the relevant audits and assessments.

>Cross-Framework Mappings

SCF

RSK-09
Compare
TPM-01.1
Compare
TPM-08
Compare

Ask AI

Configure your API key to use AI features.