💼 17 APRA-regulated entities often place reliance on information security capabilities of third parties and related parties to provide a targeted information security capability, or as part of a wider service-provision arrangement. Accordingly, entities would have a view as to the sufficiency of resources, skills and controls of third parties and related parties. This could be achieved through a combination of interviews, service reporting, control testing, certifications, attestations, referrals and independent assurance assessments. Any capability gaps identified would be addressed in a timely manner.
- ID:
/frameworks/apra-cpg-234/06/17
Description​
Empty...
Similar​
- Internal
- ID:
dec-c-197453bb
- ID:
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|