💼 29 Incident management - Third parties and related parties

Description

Empty...

Section	Sub Sections	Internal Rules	Policies	Flags
💼 75 In APRA’s view, a regulated entity would benefit from agreeing each party’s roles and responsibilities where incident response requires collaboration and coordination between the regulated entity and third parties or related parties. This could involve formalisation of points of integration between third party and related party incident response plans and involvement of third parties and related parties in incident response testing.
💼 76 APRA-regulated entities that place reliance on the information security capabilities of third parties and related parties as part of a broader service provision arrangement would typically seek evidence of the periodic testing of incident response plans by those parties.