
Submit the supply chain due diligence report.


CONTROL ID: 08828
CONTROL TYPE: Business Processes
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish and maintain a supply chain due diligence report., CC ID: 08824

This Control has the following implementation support Control(s):
  • Include the supply chain due diligence policy in the supply chain due diligence report., CC ID: 08829
  • Include the management structure assigned to oversee due diligence in the supply chain due diligence report., CC ID: 08830
  • Include the control systems for supply chains in the supply chain due diligence report., CC ID: 08831
  • Include the database and recordkeeping systems in the supply chain due diligence report., CC ID: 08832
  • Include the third party disclosure methods in the supply chain due diligence report., CC ID: 08833
  • Include government payments in the supply chain due diligence report., CC ID: 08834
  • Include supply chain risk assessment reports in the supply chain due diligence report., CC ID: 08835
  • Include the supply chain risk management process in the supply chain due diligence report., CC ID: 08836
  • Include monitoring and tracking risk mitigation performance in the supply chain due diligence report., CC ID: 08837
  • Include identification steps to identify smelters and refiners in the supply chain due diligence report., CC ID: 08839
  • Include due diligence audit reports in the supply chain due diligence report., CC ID: 08840
  • Include a list of qualified third parties in the supply chain due diligence report., CC ID: 08841
  • Include supplier red flags in the supply chain due diligence report., CC ID: 08842
  • Include the supplier risk assessment methodology in the supply chain due diligence report., CC ID: 08843
  • Include identified risks in the supply chain due diligence report., CC ID: 08844
  • Include supplier agreement terminations in the supply chain due diligence report., CC ID: 08845


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Proactively seek assurance on the state of BCP preparedness of the service provider, or participate in joint testing, where possible. It should ensure the service provider regularly tests its BCP plans and that the tests validate the feasibility of the RTO, RPO and resumption operating capacities. S… (5.7.2 (b), Guidelines on Outsourcing)
  • The Lead Overseer shall notify the ICT third-party service provider of the outcome of the assessment leading to the designation referred in paragraph 1, point (a). Within 6 weeks from the date of the notification, the ICT third-party service provider may submit to the Lead Overseer a reasoned statem… (Art. 31.5. ¶ 1, Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance))
  • The organization should annually report, or integrate into the annual sustainability or corporate responsibility report, additional information on the due diligence for responsible supply chains of minerals from conflict-affected and high-risk areas. (Supplement on Tin, Tantalum, and Tungsten Step 5: A, OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas, Second Edition)
  • The organization should annually report, or integrate into the annual sustainability or corporate responsibility report, additional information on the due diligence for responsible supply chains of gold from conflict-affected and high-risk areas. (Supplement on Gold Step 5: A, OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas, Second Edition)
  • The organization shall submit an annual report to the Securities and Exchange Commission that includes a description of the measures taken to exercise due diligence on the source and chain of custody for conflict minerals. (§ 1502(b)(p)(1)(A)(i), PUBLIC LAW 111-203, July 21 2010)
  • The organization shall submit an annual report to the Securities and Exchange Commission that includes a description of the products manufactured or contracted to be manufactured that are not Democratic Republic of the Congo conflict-free, who conducted the independent private sector audit, the faci… (§ 1502(b)(p)(1)(A)(ii), PUBLIC LAW 111-203, July 21 2010)