Back

Define timeliness factors for third party reporting requirements.


CONTROL ID
13304
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain third party reporting requirements., CC ID: 13289

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Timeliness of third-party reporting to financial institution clients. (App A Objective 12:16 b., FFIEC Information Technology Examination Handbook - Management, November 2015)
  • The integrity and timeliness of MIS reports on individual and aggregate customer activity/transaction and exposure levels; (App A Tier 2 Objectives and Procedures M.4 Bullet 1 Sub-Bullet 5, Sub-Sub Bullet 1, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • Reporting plays an important role in equipping Level 1 decision-makers with the context necessary to make informed decisions on how to manage cybersecurity risks throughout the supply chain. Reporting should focus on enterprise-wide trends and include coverage of the extent to which C-SCRM has been … (2.3.2. ΒΆ 11, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1)