TPM — Third-Party Management
28 controls in the Third-Party Management domain
TPM-01 Third-Party Management
TPM-01.1 Third-Party Inventories
TPM-02 Third-Party Criticality Assessments
TPM-03 Supply Chain Risk Management (SCRM)
TPM-03.1 Acquisition Strategies, Tools & Methods
TPM-03.2 Limit Potential Harm
TPM-03.3 Processes To Address Weaknesses or Deficiencies
TPM-03.4 Adequate Supply
TPM-04 Third-Party Services
TPM-04.1 Third-Party Risk Assessments & Approvals
TPM-04.2 External Connectivity Requirements - Identification of Ports, Protocols & Services
TPM-04.3 Conflict of Interests
TPM-04.4 Third-Party Processing, Storage and Service Locations
TPM-05 Third-Party Contract Requirements
TPM-05.1 Security Compromise Notification Agreements
TPM-05.2 Contract Flow-Down Requirements
TPM-05.3 Third-Party Authentication Practices
TPM-05.4 Responsible, Accountable, Supportive, Consulted & Informed (RASCI) Matrix
TPM-05.5 Third-Party Scope Review
TPM-05.6 First-Party Declaration (1PD)
TPM-05.7 Break Clauses
TPM-05.8 Third-Party Attestation (3PA)
TPM-06 Third-Party Personnel Security
TPM-07 Monitoring for Third-Party Information Disclosure
TPM-08 Review of Third-Party Services
TPM-09 Third-Party Deficiency Remediation
TPM-10 Managing Changes To Third-Party Services
TPM-11 Third-Party Incident Response & Recovery Capabilities