Establish, implement, and maintain a conflict of interest policy.


CONTROL ID
14785
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
  • Human Resources management, CC ID: 00763

This Control has the following implementation support Control(s):
  • Include definitions of conflicts of interest in the conflict of interest policy., CC ID: 14792
  • Submit a conflict of interest declaration to interested personnel and affected parties., CC ID: 16194
  • Include roles and responsibilities in the conflict of interest policy., CC ID: 14790


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
  • An IRAP assessment may not proceed if a related conflict of interest is under review by ASD. (42.c., IRAP Policies and Procedures Australian Signals Directorate Information Security Registered Assessors Program, 11/2020)
  • ASD takes any perceived or actual conflicts of interest seriously and will handle all declarations with sensitivity. ASD will review a sample of declarations to provide assurance that conflicts of interest are being managed appropriately, ethically and that the independence of the program is being m… (48., IRAP Policies and Procedures Australian Signals Directorate Information Security Registered Assessors Program, 11/2020)
  • Financial entities, other than microenterprises, shall ensure that tests are undertaken by independent parties, whether internal or external. Where tests are undertaken by an internal tester, financial entities shall dedicate sufficient resources and ensure that conflicts of interest are avoided thr… (Art. 24.4., Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance))
  • identify and assess conflicts of interest that the contractual arrangement may cause (Art. 28.4.(e), Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance))
  • Procedures for the identification, assessment, management, and mitigation of potential relevant conflicts of interest. (Table 4 Column 2 Row 1 Bullet 5, SS2/21 Outsourcing and third party risk management, March 2021)
  • In allocating responsibility for compliance management, consideration should be given to ensuring that the compliance function has no conflict of interest and has demonstrated: (§ 5.3.4 ¶ 3, ISO 19600:2014, Compliance Management Systems - Guidelines, 2014-12-15, Reviewed and confirmed in 2018)
  • consider its level of independence and the effect this level has on its decision-making, including financial interests, position, associations, relationships, bias and alliances; (§ 6.8.3.2.1 ¶ 1 c), ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • carefully address conflicts of interest when making decisions; (§ 6.8.3.2.1 ¶ 1 d), ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • Disclose actual, potential or perceived conflicts of interest at the earliest opportunity and manage such conflicts appropriately. (Table 2 Column 2 Row 2 Bullet 2, ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • The service auditor may also discuss with the service auditor's specialist any safeguards applicable to the specialist and evaluate whether the safeguards are adequate to reduce known threats to independence to an acceptable level. There may be some circumstances in which safeguards cannot reduce su… (¶ 2.179, SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022)