Third party service delivery management

Objective: To implement and maintain the appropriate level of information security and service delivery in line with third party service delivery agreements

The organisation should ensure that all third party delivered services meet their requirements and this should be monitored for the duration of the service delivery.

Service delivery

All security requirements require by contractual agreement from third parties as part of their contract should be monitored to ensure that they are delivered and are appropriate.

Monitoring and review of third party services

All third party services delivered to the organisation should be regularly monitored and reviewed. Regular auditing of the services that they provide against contractual agreements should be undertaken and shortfall should be addressed.

Managing changes to third party services

Any changes to services provided by a third party should be managed by the organization. This will include provision of services, changes to existing services and new services. Evaluation of the risks to the organisation must be undertaken based on the criticality of the system and the impact of the change.

An Introduction To Information, Network and Internet Security
Third party service delivery management Objective: To implement and maintain the appropriate level of information security and service delivery in line with third party service delivery agreements The organisation should ensure that all third party delivered services meet their requirements and this should be monitored for the duration of the service delivery. Service delivery All security requirements require by contractual agreement from third parties as part of their contract should be monitored to ensure that they are delivered and are appropriate. Monitoring and review of third party services All third party services delivered to the organisation should be regularly monitored and reviewed. Regular auditing of the services that they provide against contractual agreements should be undertaken and shortfall should be addressed. Managing changes to third party services Any changes to services provided by a third party should be managed by the organization. This will include provision of services, changes to existing services and new services. Evaluation of the risks to the organisation must be undertaken based on the criticality of the system and the impact of the change.	The Security Practitioner An Introduction to Information Security
Return To An Introduction to Information Security