Report on the percentage of known information security risks that are related to third-party relationships

Status: Live

The organization will report on the percentage of known information security risks that are related to third-party relationships. [UCF ID 02044]

Metric guidance

Calculation: The calculation for this metric is # of known information security risks that are related to third party relationships / # of security risks.

Calculation source: No authority document source of information exists. The following formula was used: the number of information security risks from the risk assessments that are identified as being related to third-party access to the organization's systems divided by the number of security risks identified during the risk assessment.

The Common Control IDs associated with this metric are as follows:

Supporting and supported controls

This control directly supports:

    Establish and maintain an implementation of Information Security Requirements for Strategic Partners and Other Third-parties metrics program [UCF Control ID 02043]

There are no supporting controls.

Authority documents complied with:

CISWG Information Security Program Elements, January 10,2005, ISPE11.1; IIA Global Technology Audit Guide (GTAG): Information Technology Controls, § 18.2

US Federal Security Guidance

The organization must measure and report on the percentage of known information security risks that are related to third-party relationships. [ISPE11.1, CISWG Information Security Program Elements, January 10,2005]

General Guidance

The purpose of this measurement is to measure the percentage of known information security risks that are related to third-party relationships. [§ 18.2, IIA Global Technology Audit Guide (GTAG): Information Technology Controls]


Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.


Site and content © Copyright 2003-2009 Network Frontiers, LLC. All rights reserved.