Back

Commit to the supply chain due diligence process.


CONTROL ID
08849
CONTROL TYPE
Business Processes
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain supply chain due diligence standards., CC ID: 08846

This Control has the following implementation support Control(s):
  • Structure the organization to support supply chain due diligence., CC ID: 08850
  • Schedule supply chain audits, as necessary., CC ID: 10015


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The supply chain policy for all companies in the supply chain should commit to the due diligence steps and recommendations. (Supplement on Tin, Tantalum, and Tungsten Step 1: A.2, OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas, Second Edition)
  • The supply chain policy for all companies in the supply chain should commit to the due diligence steps and recommendations. (Supplement on Gold Step 1: § I.A.2, OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas, Second Edition)
  • within 30 days of the extortion payment, a written description of the reasons payment was necessary, a description of alternatives to payment considered, all diligence performed to find alternatives to payment and all diligence performed to ensure compliance with applicable rules and regulations inc… (§ 500.17 Notices to Superintendent (c)(2), New York Codes, Rules and Regulations, Title 23, Chapter 1, Part 500 Cybersecurity Requirements for Financial Services Companies, Second Amendment)