💼 A.15.1.3 Information and communication technology supply chain
- ID:
/frameworks/iso-iec-27001-2013/15/01/03
Description​
Agreements with suppliers shall include requirements to address the information security risks associated with information and communications technology services and product supply chain.
Similar​
- Internal
- ID:
dec-c-97d07430
- ID:
Similar Sections (Give Policies To)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST CSF v1.1 → 💼 ID.BE-1: The organization's role in the supply chain is identified and communicated | no data | ||||
| 💼 NIST CSF v1.1 → 💼 ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders | no data | ||||
| 💼 NIST CSF v1.1 → 💼 ID.SC-3: Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization's cybersecurity program and Cyber Supply Chain Risk Management Plan | no data |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|