
Terminate supplier relationships, as necessary.


CONTROL ID: 13489
CONTROL TYPE: Business Processes
CLASSIFICATION: Corrective

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a supply chain management program. (CC ID: 11742)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • When a provider of telecommunications billing services (a person who provides services under Article 2 (1) 10 (a)) amends any of the contractual terms and conditions, he or she shall notify users of the amendment thereof one month prior to the effective date of the amended contractual terms and cond… (Article 58(6), Act On Promotion of Information and Communications Network Utilization and Information Protection, Amended by Act No. 14080, Mar. 22, 2016)
  • discontinue the business activities that are depending on the function. (4.6 40(f)(iii), Final Report on EBA Guidelines on outsourcing arrangements)
  • ICT third-party service provider's evidenced weaknesses pertaining to its overall ICT risk management and in particular in the way it ensures the availability, authenticity, integrity and, confidentiality, of data, whether personal or otherwise sensitive data, or non-personal data; (Art. 28.7.(c), Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance))
  • where the competent authority can no longer effectively supervise the financial entity as a result of the conditions of, or circumstances related to, the respective contractual arrangement. (Art. 28.7.(d), Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance))
  • Securely decommission service providers. Example considerations include user and service account deactivation, termination of data flows, and secure disposal of enterprise data within service provider systems. (CIS Control 15: Safeguard 15.7 Securely Decommission Service Providers, CIS Controls, V8)
  • Establish and maintain a service provider management policy. Ensure the policy addresses the classification, inventory, assessment, monitoring, and decommissioning of service providers. Review and update the policy annually, or when significant enterprise changes occur that could impact this Safegua… (CIS Control 15: Safeguard 15.2: Establish and Maintain a Service Provider Management Policy, CIS Controls, V8)
  • Implementing procedures for terminating vendor and business partner relationships (¶ 3.150 Bullet 8, Reporting on Controls at a Service Organization: Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC2), current as of January 1, 2018)
  • Implementing procedures for terminating vendor and business partner relationships based on predefined considerations. Those procedures may include safe return of data and its removal from the vendor or business partner system. (¶ 3.164 Bullet 9, SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022)
  • The entity implements procedures for terminating vendor and business partner relationships. (CC9.2 Implements Procedures for Terminating Vendor and Business Partner Relationships, Trust Services Criteria)
  • The entity implements procedures for terminating vendor and business partner relationships. (CC9.2 ¶ 2 Bullet 8 Implements Procedures for Terminating Vendor and Business Partner Relationships, Trust Services Criteria, (includes March 2020 updates))