Back

Structure the organization to support supply chain due diligence.


CONTROL ID
08850
CONTROL TYPE
Business Processes
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Commit to the supply chain due diligence process., CC ID: 08849

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • IT security risks need to be appropriately managed regardless of whether activities and associated IT assets are under the direct control of a regulated institution or have been outsourced to a service provider. Where a service provider (including a software vendor) has been engaged, the due diligen… (Attachment C ¶ 1, APRA Prudential Practice Guide 234: Management of security risk in information and information technology, May 2013)
  • The internal management systems should be structured to support supply chain due diligence. (Supplement on Tin, Tantalum, and Tungsten Step 1: B, OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas, Second Edition)
  • The internal management systems should be structured to support supply chain due diligence. (Supplement on Gold Step 1: § I.B, OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas, Second Edition)