Content library
Agreements and monitoring
Informing acquirers of security protection obligations during transfers
Partner management
Agreements and monitoring

Informing acquirers of security protection obligations during transfers

Start free trial

Task description

Informing acquirers of security protection obligations during transfers

When an organization intends to transfer a security-sensitive activity, or a part thereof, to another entity (acquirer), the organization should ensure that the acquirer is explicitly informed that the Security Protection Act applies to the activity being transferred.

This information should also comprehensively detail the specific security obligations that are applicable to an operator under Chapter 2, Section 1 of the Security Protection Act.

This process ensures that the acquirer is fully aware of their legal responsibilities related to security protection from the outset of the transfer.

Requirements connected to the task

§ 4.20: Upplysning om säkerhetsskyldigheter
Säkerhetsskyddslagen (Sverige)

Other tasks from the same security theme

Task name
Priority
Policy
Other requirements
Data processing partner listing and owner assignment
Critical
High
Normal
Low
Agreements and monitoring
71
requirements

Examples of other requirements this task affects

26. Joint controllers
GDPR
28. Data processor
GDPR
44. General principle for transfers
GDPR
8.1.1: Inventory of assets
ISO 27001
13.2.2: Agreements on information transfer
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Data processing partner listing and owner assignment
Documentation of partner contract status
Critical
High
Normal
Low
Agreements and monitoring
58
requirements

Examples of other requirements this task affects

28. Data processor
GDPR
15.1.3: Information and communication technology supply chain
ISO 27001
A.7.2.6: Contracts with PII processors
ISO 27701
HAL-16.1: Hankintojen turvallisuus - sopimukset
Julkri
TSU-04: Henkilötietojen käsittelijä
Julkri
See all related requirements and other information from tasks own page.
Go to >
Documentation of partner contract status
Documentation of customer groups whose information is processed by the organization
Critical
High
Normal
Low
Agreements and monitoring
9
requirements

Examples of other requirements this task affects

CLD 6.3: Relationship between cloud service customer and cloud service provider
ISO 27017
CLD 6.3.1: Shared roles and responsibilities within a cloud computing environment
ISO 27017
CLD 8.1.5: Removal of cloud service customer assets
ISO 27017
A.8.2.1: Customer agreement
ISO 27701
4.2: Interested parties
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Documentation of customer groups whose information is processed by the organization
Responsible network and cybersecurity practices (China)
Critical
High
Normal
Low
Agreements and monitoring
2
requirements

Examples of other requirements this task affects

Article 27: Individual and organizational obligations in cases of activities endangering cybersecurity
CSL (China)
Article 46: Network use responsibility
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Responsible network and cybersecurity practices (China)
Defining security maintenance in customer agreements
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

Article 22.2: Obligations for ongoing security maintenance
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Defining security maintenance in customer agreements
Business associate contracts and subcontractor obligations regarding PHI
Critical
High
Normal
Low
Agreements and monitoring
2
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Business associate contracts and subcontractor obligations regarding PHI
Joint notice of privacy practices for an organized health care
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Joint notice of privacy practices for an organized health care
Disclosure of PHI to business associates and subcontractors
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Disclosure of PHI to business associates and subcontractors
Procedure for information exchange with authorities (Belgium)
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

Art. 19: Échange d'informations
Loi infrastructures critiques
See all related requirements and other information from tasks own page.
Go to >
Procedure for information exchange with authorities (Belgium)
Monitoring policy of personal data
Critical
High
Normal
Low
Agreements and monitoring
2
requirements

Examples of other requirements this task affects

§ 6-4.4: Håndtering av overvåkingsdata
Sikkerhetsloven
Article 41: Collection and usage of personal information
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Monitoring policy of personal data
Appointing an authorization authority
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

§ 8-9: Autorisasjon
Sikkerhetsloven
See all related requirements and other information from tasks own page.
Go to >
Appointing an authorization authority
User notification of monitoring
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

§ 6-4.6: Informere autoriserte brukere om overvåking
Sikkerhetsloven
See all related requirements and other information from tasks own page.
Go to >
User notification of monitoring
Performing a special security protection assessment before starting sensitive procedures
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

§ 4.7: Skyldigheter inför förfaranden som kräver säkerhetsskyddsavtal
SSL
See all related requirements and other information from tasks own page.
Go to >
Performing a special security protection assessment before starting sensitive procedures
Informing acquirers of security protection obligations during transfers
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

§ 4.20: Upplysning om säkerhetsskyldigheter
SSL
See all related requirements and other information from tasks own page.
Go to >
Informing acquirers of security protection obligations during transfers
Supplier agreement review and non-compliance actions
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

§ 4.5: Motpartens efterlevnad av säkerhetsavtal
SSL
See all related requirements and other information from tasks own page.
Go to >
Supplier agreement review and non-compliance actions
Process for consultation with the supervisory authority
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

§ 4.15: Skyldigheten att samråda
SSL
See all related requirements and other information from tasks own page.
Go to >
Process for consultation with the supervisory authority
Performing a suitability assessment
Critical
High
Normal
Low
Agreements and monitoring
2
requirements

Examples of other requirements this task affects

§ 4.7: Skyldigheter inför förfaranden som kräver säkerhetsskyddsavtal
SSL
§ 4.9: Lämplighetsprövningen
SSL
See all related requirements and other information from tasks own page.
Go to >
Performing a suitability assessment
Implementation of cyber security measures (Lithuania)
Critical
High
Normal
Low
Agreements and monitoring
2
requirements

Examples of other requirements this task affects

14.2.: Kibernetinio saugumo reikalavimų terminas
NIS2 Lithuania
14.3.: Įgyvendinimo duomenų pateikimas
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Implementation of cyber security measures (Lithuania)
Process for handling and sharing vulnerability disclosures
Critical
High
Normal
Low
Agreements and monitoring
8
requirements

Examples of other requirements this task affects

RS.AN-5: Processes are established to receive, analyse, and respond to vulnerabilities disclosed to the organization from internal and external sources.
CyberFundamentals
ID.RA-08: Processes for handling vulnerability disclosures
NIST 2.0
30 § 3.11°: Divulgation des vulnérabilités
NIS2 Belgium
14.5.6): Tinklų ir informacinių sistemų saugumą
NIS2 Lithuania
Vuln.6: Sharing information about potential vulnerabilities
CRA
See all related requirements and other information from tasks own page.
Go to >
Process for handling and sharing vulnerability disclosures
Establishing agreements with third parties to provide consultation during an incident
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

4.1.4: Establish agreements with relevant third parties
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Establishing agreements with third parties to provide consultation during an incident
Assigning of a Public Relations Officer
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

RC.CO-1: Public relations are managed.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Assigning of a Public Relations Officer
Management of procurement and use of external IT services
Critical
High
Normal
Low
Agreements and monitoring
4
requirements

Examples of other requirements this task affects

1.3.3: Use of approved external IT services
TISAX
15.4: Ensure Service Provider Contracts Include Security Requirements
CIS 18
§ 9-4.1: Myndighet til å fatte vedtak ved anskaffelser til skjermingsverdig informasjonssystem, objekt og infrastruktur
Sikkerhetsloven
See all related requirements and other information from tasks own page.
Go to >
Management of procurement and use of external IT services
Key contractual requirements for service providers supporting critical functions
Critical
High
Normal
Low
Agreements and monitoring
2
requirements

Examples of other requirements this task affects

Article 30: Key contractual provisions
DORA
See all related requirements and other information from tasks own page.
Go to >
Key contractual requirements for service providers supporting critical functions
Risk Assessment and Considerations for Contracting ICT Services Supporting Critical Functions
Critical
High
Normal
Low
Agreements and monitoring
3
requirements

Examples of other requirements this task affects

Article 29: Preliminary assessment of ICT concentration risk at entity level
DORA
2.1.9: Maintain security responsibility during outsourcing
NSM ICT-SP
Article 34: ICT operations security
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
Risk Assessment and Considerations for Contracting ICT Services Supporting Critical Functions
Definition of information sharing agreements and notification obligations
Critical
High
Normal
Low
Agreements and monitoring
18
requirements

Examples of other requirements this task affects

Chapter VI: Information-sharing arrangements
DORA
Article 45: Information-sharing arrangements on cyber threat information and intelligence
DORA
27 § 2°: D'accords de partage d'informations en matière de cybersécurité
NIS2 Belgium
27 § 4°: Notification de la participation à des accords d'échange d'informations
NIS2 Belgium
19.4.: Dalijimosi informacija susitarimai
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Definition of information sharing agreements and notification obligations
Monitoring suppliers' compliance with security requirements
Critical
High
Normal
Low
Agreements and monitoring
48
requirements

Examples of other requirements this task affects

32. Security of processing
GDPR
15.1.1: Information security policy for supplier relationships
ISO 27001
15.2.1: Monitoring and review of supplier services
ISO 27001
ID.GV-2: Cybersecurity role coordination
NIST
ID.SC-1: Cyber supply chain
NIST
See all related requirements and other information from tasks own page.
Go to >
Monitoring suppliers' compliance with security requirements
Definition of supplier-specific responsible persons
Critical
High
Normal
Low
Agreements and monitoring
7
requirements

Examples of other requirements this task affects

8.1.2: Ownership of assets
ISO 27001
15.2.2: Managing changes to supplier services
ISO 27001
ID.SC-4: Audit suppliers and third-party partners
NIST
CC9.2: Partner risk management
SOC 2
ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Definition of supplier-specific responsible persons
Documentation of other stakeholders
Critical
High
Normal
Low
Agreements and monitoring
41
requirements

Examples of other requirements this task affects

HAL-04.6: Suojattavat kohteet - sidosryhmät
Julkri
HAL-05: Vaatimukset
Julkri
4.2: Interested parties
ISO 27001
3: Keskeisten sidos- ja asiakasryhmien kartoitus
Digiturvan kokonaiskuvapalvelu
21.2.d: Supply chain security
NIS2
See all related requirements and other information from tasks own page.
Go to >
Documentation of other stakeholders
Maintaining contact with cloud-related special interest groups
Critical
High
Normal
Low
Agreements and monitoring
4
requirements

Examples of other requirements this task affects

ID.RA-2: Cyber threat intelligence
NIST
6.1.4: Contact with special interest groups
ISO 27017
ID.RA-02: Cyber threat intelligence from forums and sources
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Maintaining contact with cloud-related special interest groups
Keeping contact with relevant authorities
Critical
High
Normal
Low
Agreements and monitoring
50
requirements

Examples of other requirements this task affects

6.1.3: Contact with authorities
ISO 27001
RC.CO-1: Public relations
NIST
5.5: Contact with authorities
ISO 27001
23.1: Incident notifications to CSIRT and recipients of services
NIS2
CC2.3: Communication with external parties
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Keeping contact with relevant authorities
Detailed descriptions of required security measures for subcontractors on contracts related to offered cloud services
Critical
High
Normal
Low
Agreements and monitoring
3
requirements

Examples of other requirements this task affects

A.11.12: Sub-contracted PII processing
ISO 27018
15.1.3: Information and communication technology supply chain
ISO 27017
PR.AT-3: Third-party stakeholders (e.g., suppliers, customers, partners) understand their roles and responsibilities.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Detailed descriptions of required security measures for subcontractors on contracts related to offered cloud services
Communicating responsibilities to suppliers
Critical
High
Normal
Low
Agreements and monitoring
9
requirements

Examples of other requirements this task affects

PR.AT-3: Third-party stakeholders
NIST
1.2.4: Definition of responsibilities with service providers
TISAX
ID.BE-1: The organization’s role in the supply chain is identified and communicated.
CyberFundamentals
PR.AT-3: Third-party stakeholders (e.g., suppliers, customers, partners) understand their roles and responsibilities.
CyberFundamentals
GV.SC-02: Establishing and communicating cybersecurity roles for suppliers, customers, and partners
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Communicating responsibilities to suppliers
Service level requirements in contracts related to the data processing environment
Critical
High
Normal
Low
Agreements and monitoring
4
requirements

Examples of other requirements this task affects

28: Palvelutasovaatimukset sopimuksissa
Digiturvan kokonaiskuvapalvelu
Article 30: Key contractual provisions
DORA
2.1.9: Maintain security responsibility during outsourcing
NSM ICT-SP
15.4: Ensure Service Provider Contracts Include Security Requirements
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Service level requirements in contracts related to the data processing environment
Evaluation of data processing agreement for important data processors
Critical
High
Normal
Low
Agreements and monitoring
8
requirements

Examples of other requirements this task affects

28. Data processor
GDPR
15.1.2: Addressing security within supplier agreements
ISO 27001
TSU-04.1: Henkilötietojen käsittelijä - Sopimukset
Julkri
5.20: Addressing information security within supplier agreements
ISO 27001
P6.5: Notification of unauthorized disclosure of personal information from third parties
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Evaluation of data processing agreement for important data processors
Managing changes to supplier services
Critical
High
Normal
Low
Agreements and monitoring
7
requirements

Examples of other requirements this task affects

15.2.2: Managing changes to supplier services
ISO 27001
HAL-16.1: Hankintojen turvallisuus - sopimukset
Julkri
CC3.4: Identification and assesment of changes
SOC 2
CC9.2: Partner risk management
SOC 2
Art. 10: Dienstleister
CSV
See all related requirements and other information from tasks own page.
Go to >
Managing changes to supplier services
Terms and conditions to limit changes directly affecting customer environments
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Terms and conditions to limit changes directly affecting customer environments
Contact with industry-specific interest groups
Critical
High
Normal
Low
Agreements and monitoring
23
requirements

Examples of other requirements this task affects

6.1.4: Contact with special interest groups
ISO 27001
ID.RA-2: Cyber threat intelligence
NIST
RS.CO-5: Voluntary information sharing
NIST
RC.CO-1: Public relations
NIST
5.6: Contact with special interest groups
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Contact with industry-specific interest groups
Collection and monitoring of supplier-specific privacy commitments
Critical
High
Normal
Low
Agreements and monitoring
2
requirements

Examples of other requirements this task affects

CC9.2: Partner risk management
SOC 2
2.1.4: Reduce the risk of targeted manipulation of ICT products in the supply chain
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Collection and monitoring of supplier-specific privacy commitments

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Start free trial
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.
Effortless compliance improvement
Widest framework library in EU
Extensive support

Start your compliance journey

Use in MS Teams or use your browser with Slack integration.
Risk free trial. No credit card required. Stop at any time.

Start free 14-day trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templates
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementPrivacy managementVendor assessments
Resources
AcademyWebinarsBlogHelp articlesVideo coursesContent libraryGuidesNewsletterLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security