
Assign key stakeholders to review and approve supply chain risk management procedures.


CONTROL ID
13199
CONTROL TYPE
Human Resources Management
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Include supply chain risk management procedures in the risk management program., CC ID: 13190

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • overseeing the day-to-day management of the institution or payment institution, including the management of all risks associated with outsourcing; and (4.6 36(e), Final Report on EBA Guidelines on outsourcing arrangements)
  • Financial institutions should oversee their TSPs and perform due diligence in selecting their third-party servicers, including a review of the risk management systems used by the TSPs. Such reviews should include measures taken by the TSPs to protect information about financial institutions' custome… (Risk Management ¶ 2, FFIEC IT Examination Handbook - Supervision of Technology Service Providers, October 2012)
  • Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders (ID.SC-1, Framework for Improving Critical Infrastructure Cybersecurity, v1.1)
  • Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders (ID.SC-1, Framework for Improving Critical Infrastructure Cybersecurity, v1.1 (Draft))