Disseminate and communicate critical third party dependencies to interested personnel and affected parties.


CONTROL ID: 06816
CONTROL TYPE: Behavior
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a critical third party list. (CC ID: 06815)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • {activation procedures} {communication procedures} {internal interdependencies} {internal interactions} {external interactions} {information flow processes} Each plan shall define - purpose and scope, - objectives, - activation criteria and procedures, - implementation procedures, - roles, responsib… (§ 8.4.4 ¶ 3, ISO 22301: Societal Security - Business Continuity Management Systems - Requirements, Corrected Version)
  • explain and justify the organization's actions, inactions, omissions, risk and dependencies, including those of the governing body; (§ 6.5.3.2 ¶ 1 g), ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • For cloud computing services, is a critical vendor dependency chart made available to clients? (§ V.1.57.1, Shared Assessments Standardized Information Gathering Questionnaire - V. Cloud, 7.0)
  • A preventive program to reduce the likelihood that an institution's operations will be significantly affected by a pandemic event, including: monitoring of potential outbreaks, educating employees, communicating and coordinating with critical service providers and suppliers, and providing appropriat… (TIER I OBJECTIVES AND PROCEDURES BCP - Pandemic Issues Objective 8:3 Bullet 1, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Third-party technology providers; (TIER I OBJECTIVES AND PROCEDURES Risk Management Objective 4:7 Bullet 3, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Stand-in arrangements with other financial institutions, allowing for interim bankcard processing in the event of an outage. (App A Tier 2 Objectives and Procedures E.1 Bullet 5, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)