Professional Documents
Culture Documents
2018-04-16 Framework v1.1 Core1
2018-04-16 Framework v1.1 Core1
Supply Chain Risk Management (ID.SC): ID.SC-3: Contracts with suppliers and third-party
The organization’s priorities, constraints, risk partners are used to implement appropriate
tolerances, and assumptions are established and measures designed to meet the objectives of an
used to support risk decisions associated with organization’s cybersecurity program and Cyber
managing supply chain risk. The organization has Supply Chain Risk Management Plan.
established and implemented the processes to
identify, assess and manage supply chain risks. ID.SC-4: Suppliers and third-party partners are
routinely assessed using audits, test results, or
other forms of evaluations to confirm they are
meeting their contractual obligations.
Data Security (PR.DS): Information and records PR.DS-4: Adequate capacity to ensure availability
(data) are managed consistent with the is maintained
organization’s risk strategy to protect the
confidentiality, integrity, and availability of
information.
Data Security (PR.DS): Information and records PR.DS-4: Adequate capacity to ensure availability
(data) are managed consistent with the is maintained
organization’s risk strategy to protect the
confidentiality, integrity, and availability of
information.