Establish, implement, and maintain physical security controls for the supply chain.
CONTROL ID 08931
CONTROL TYPE Business Processes
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Third Party and supply chain oversight, CC ID: 08807
This Control has the following implementation support Control(s):
Assign unique reference numbers to all products and their subcomponents., CC ID: 08932
Implement physical security controls at all supply chain member locations., CC ID: 08933
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
Which protection requirements do the target objects processed by an external service provider or within scope of outsourcing have? (§ 8.3.7 ¶ 3 Bullet 2, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
Medium and large-scale mining companies and artisanal and small-scale mining enterprises should implement physical security practices for the gold. (Supplement on Gold Step 1: § II.A.2, OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas, Second Edition)
Upstream companies should enhance their physical security practices based on discrepancies in mine production and capacity, processing production and capacity, or information from suppliers on gold shipments. (Supplement on Gold Step 3: § I.B.2, OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas, Second Edition)
Contract provisions for smoke and fire detection in third-party hosted infrastructure situations. (App A Objective 13:9b Bullet 8, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
