A.5.21 — Managing information security in the ICT supply chain
This control manages information security risks in the ICT supply chain to ensure security of services and components. Measures include risk assessments, supplier evaluations, and incident response protocols.
| Property | Value |
|---|---|
| Section | process |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-ORG-04 | Supplier and Third-Party Security |
| SID-OPS-04 | Vulnerability Management |
Source: ISO/IEC 27001:2022 Annex A