Report on the percentage of strategic or third party partners for which all information assurance requirements have been implemented in accordance with the agreements.

UCF ID: 01675
Control Type: Actionable Reports or measurements
Status: Live
Metric guidance

Calculation: The calculation for this metric is # of strategic or third party partners for which all information assurance requirements have been implemented according to the agreement / # of partner agreements.

Calculation source: No authority document source of information exists. The following formula was used: the number of partners who have implemented all of the stated information assurance requirements identified in the agreement divided by the total number of partner agreements that have security requirements listed in the agreement.

The Common Control IDs associated with this metric are as follows:

Supporting and supported controls

This control directly supports:

    Establish and maintain a strategic partner and a third party measurement metrics standard. [UCF Control ID 01662]

There are no supporting controls.

Authority documents complied with:

CISWG Information Security Program Elements, January 10,2005, ISPE4.1; Guide for Developing Performance Metrics for Information Security, NIST SP 800-80, Table 19; IIA Global Technology Audit Guide (GTAG): Information Technology Controls, § 18.1

US Federal Security Guidance

The organization must measure and report on the percentage of strategic partner and other third-party relationships for which information security requirements have been implemented in the agreements with these parties. [ISPE4.1, CISWG Information Security Program Elements, January 10,2005]

NIST Guidance

This metric must be calculated using # of strategic or third party partners for which all information assurance requirements have been implemented according to the agreement / # of partner agreements [Table 19, Guide for Developing Performance Metrics for Information Security, NIST SP 800-80]

General Guidance

The purpose of this measurement is to measure the percentage of strategic partner and other third party relationships for which information security requirements have been implemented in agreements. [§ 18.1, IIA Global Technology Audit Guide (GTAG): Information Technology Controls]


Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.


Site and content © Copyright 2003-2009 Network Frontiers, LLC. All rights reserved.