Assess third parties' breach remediation status, as necessary, during due diligence.


CONTROL ID: 12076
CONTROL TYPE: Business Processes
CLASSIFICATION: Detective

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Conduct all parts of the supply chain due diligence process., CC ID: 08854

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Banks can also consider incorporating DoS attack considerations in their ISP selection process. An incident response framework should be devised and validated periodically to facilitate fast response to a DDoS onslaught or an imminent attack. Banks may also need to be familiar with the ISPs' inciden… (Critical components of information security 26) c., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • the protection of data and the potential impact of a confidentiality breach or failure to ensure data availability and integrity on the institution or payment institution and its clients, including but not limited to compliance with Regulation (EU) 2016/679. (4.4 31(j), Final Report on EBA Guidelines on outsourcing arrangements)