An Introduction To
Objective: To implement and maintain the appropriate level of information security and service delivery in line with third party service delivery agreements
The organisation should ensure that all third party delivered services meet their requirements and this should be monitored for the duration of the service delivery.
All security requirements require by contractual agreement from third parties as part of their contract should be monitored to ensure that they are delivered and are appropriate.
Monitoring and review of third party services
All third party services delivered to the organisation should be regularly monitored and reviewed. Regular auditing of the services that they provide against contractual agreements should be undertaken and shortfall should be addressed.
Managing changes to third party services
Any changes to services provided by a third party should be managed by the organization. This will include provision of services, changes to existing services and new services. Evaluation of the risks to the organisation must be undertaken based on the criticality of the system and the impact of the change.
The Security Practitioner
An Introduction to Information Security