SID-ORG-04 — Supplier and Third-Party Security
| Property | Value |
|---|---|
| Owner | operator |
| Category | policy |
| CSF Function | govern |
| Group | Governance and Policy Controls |
Description
Assess and manage information security risks from suppliers, including the SIROS ID platform provider (Siros Foundation). Maintain supplier agreements addressing security requirements, audit rights, incident notification, and SLAs. Monitor the ICT supply chain for compromised components (dependencies, libraries).
Framework Requirements
ISO 27001 Annex A: A.5.19, A.5.20, A.5.21, A.5.22, A.5.23, A.8.30
GDPR Checklist: Sign a data processing agreement
OWASP ASVS 4.0.3 Level 3: V14.2