UCF ID: 02049 |
Control Type: Actionable Reports or measurements |
Status: Live |
Metric guidance
Calculation: The calculation for this metric is # of third party agreements that include and demonstrate external verification of policies and procedures / # of third party agreements.
Calculation source: No authority document source of information exists. The following formula was used: the number of third-party agreements that include a statement to allow external verification of the third-parties policies and procedures divided by the number of third-party agreements for each business unit (or the organization as a whole) .
The Common Control IDs associated with this metric are as follows:
- • Audit the security and regulatory requirements of third parties. [UCF Control ID 00798]
• Report monitoring statistics to the Board of Directors. [UCF Control ID 00676]
Supporting and supported controls
This control directly supports:
- • Establish and maintain an information security requirements metrics program for strategic partners and other third-parties. [UCF Control ID 02043]
There are no supporting controls.
Authority documents complied with:
CISWG Information Security Program Elements, January 10,2005, ISPE11.6; IIA Global Technology Audit Guide (GTAG): Information Technology Controls, § 18.2
US Federal Security Guidance
The organization must measure and report on the percentage of third-party agreements that include/demonstrate external verification of policies and procedures. [ISPE11.6, CISWG Information Security Program Elements, January 10,2005]
General Guidance
The purpose of this measurement is to measure the percentage of third-party agreements that include or demonstrate external verification of policies and procedures. [§ 18.2, IIA Global Technology Audit Guide (GTAG): Information Technology Controls]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.