
Establish, implement, and maintain internal accountability for the supply chain due diligence process.


CONTROL ID
08851
CONTROL TYPE
Business Processes
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain supply chain due diligence standards., CC ID: 08846

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • In any outsourcing arrangement, the Board of Directors and management of AIs should retain ultimate accountability for the outsourced activity. Outsourcing can only allow them to transfer their day-to-day managerial responsibility, but not accountability, for an activity or a function to a service p… (2.1.1, Hong Kong Monetary Authority Supervisory Policy Manual SA-2 Outsourcing, V.1-28.12.01)
  • where those institutions or payment institutions have outsourcing arrangements with service providers within the group or the institutional protection scheme, the management body of those institutions or payment institutions retains, also for these outsourcing arrangements, full responsibility f… (4.2 22(a), Final Report on EBA Guidelines on outsourcing arrangements)
  • The policy should include the main phases of the life cycle of outsourcing arrangements and define the principles, responsibilities and processes in relation to outsourcing. In particular, the policy should cover at least: (4.7 42, Final Report on EBA Guidelines on outsourcing arrangements)
  • Companies in the supply chain should ensure there is internal accountability for implementing the supply chain due diligence process. (Supplement on Tin, Tantalum, and Tungsten Step 1: B.4, OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas, Second Edition)
  • Companies in the supply chain should ensure there is internal accountability for implementing the supply chain due diligence process. (Supplement on Gold Step 1: § I.B.4, OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas, Second Edition)
  • Determine whether management appropriately oversees the effectiveness of information security controls over outsourced operations and is accountable for the mitigation of risks involved with the use of third-party service providers. Review the due diligence involved, security controls to mitigate ri… (App A Objective 6.31, FFIEC Information Technology Examination Handbook - Information Security, September 2016)