Content library
Agreements and monitoring
Risk assessments in supplier agreements
Partner management
Agreements and monitoring

Risk assessments in supplier agreements

Start free trial

Task description

Risk assessments in supplier agreements

Management should be involved in decisions regarding the use of private suppliers and outsourcing of a certain scope. The organisation should also ensure that all supplier agreements include specific information security and privacy requirements with private suppliers are based on risk assessments.

The risk assessment should include scenarios involving the supplier's authorized and possibly unauthorized access to health and personal data and other confidential information. These contractual requirements should clearly define the supplier's responsibilities for protecting data, reporting incidents, and allowing for security audits. All phases of supplier management, from procurement to the termination of the agreement, should be covered.

Requirements connected to the task

No items found.

Other tasks from the same security theme

Task name
Priority
Policy
Other requirements
Agreement for electronic interaction responsibilities
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Agreement for electronic interaction responsibilities
Risk assessments in supplier agreements
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Risk assessments in supplier agreements
Provider support for the authorised representative
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

Article 22: Authorised representatives of high-risk AI system providers
AI Act (Base)
See all related requirements and other information from tasks own page.
Go to >
Provider support for the authorised representative
Data processing partner listing and owner assignment
Critical
High
Normal
Low
Agreements and monitoring
92
requirements

Examples of other requirements this task affects

Članak 30.1.d: Sigurnost lanca opskrbe
NIS2 Croatia
9.4 §: Toimitusketjun hallinta ja valvonta
Kyberturvallisuuslaki
1.2.4: Definition of responsibilities with service providers
TISAX
1.3.3: Use of approved external IT services
TISAX
6.1.1: Partner Information security
TISAX
See all related requirements and other information from tasks own page.
Go to >
Data processing partner listing and owner assignment
Documentation of partner contract status
Critical
High
Normal
Low
Agreements and monitoring
87
requirements

Examples of other requirements this task affects

Članak 30.1.d: Sigurnost lanca opskrbe
NIS2 Croatia
9.4 §: Toimitusketjun hallinta ja valvonta
Kyberturvallisuuslaki
30 § 3.4°: La sécurité de la chaîne d'approvisionnement
NIS2 Belgium
30 § 4°: Définir et contrôler les mesures de sécurité requises pour la chaîne d'approvisionnement
NIS2 Belgium
2.1.9: Maintain security responsibility during outsourcing
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Documentation of partner contract status
Documentation of customer groups whose information is processed by the organization
Critical
High
Normal
Low
Agreements and monitoring
9
requirements

Examples of other requirements this task affects

CLD 6.3: Relationship between cloud service customer and cloud service provider
ISO 27017
CLD 6.3.1: Shared roles and responsibilities within a cloud computing environment
ISO 27017
CLD 8.1.5: Removal of cloud service customer assets
ISO 27017
A.8.2.1: Customer agreement
ISO 27701
4.2: Interested parties
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Documentation of customer groups whose information is processed by the organization
Process for sharing data with external organisations
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Process for sharing data with external organisations
Verification of supplier personnel confidentiality
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Verification of supplier personnel confidentiality
Contractual sanctions for suppliers
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Contractual sanctions for suppliers
Agreement conditions for approved suppliers
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Agreement conditions for approved suppliers
Process for managing subcontractor changes
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Process for managing subcontractor changes
Data processing agreement template
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Data processing agreement template
Monitoring of cross-organizational data access
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Monitoring of cross-organizational data access
Roles and responsibilities in supplier management
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Roles and responsibilities in supplier management
Vendor management procedures and security requirements in supplier agreements
Critical
High
Normal
Low
Agreements and monitoring
2
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Vendor management procedures and security requirements in supplier agreements
Ensuring access to technical documentation of imported high-risk AI systems
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

Article 23: Declaration of conformity for importers of high-risk AI systems
AI Act (Base)
See all related requirements and other information from tasks own page.
Go to >
Ensuring access to technical documentation of imported high-risk AI systems
Internet service agreement requirements
Critical
High
Normal
Low
Agreements and monitoring
2
requirements

Examples of other requirements this task affects

36: Interneto paslaugų sutartis esminėms kibernetinio saugumo subjektams
NIS2 Guide Lithuania
37: Interneto paslaugų sutartis svarbiam kibernetinio saugumo subjektas
NIS2 Guide Lithuania
See all related requirements and other information from tasks own page.
Go to >
Internet service agreement requirements
Third party access to security information
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

34: Tiekėjų sutarčių reikalavimai
NIS2 Guide Lithuania
See all related requirements and other information from tasks own page.
Go to >
Third party access to security information
Technical and personnel requirements in supplier agreements
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

34: Tiekėjų sutarčių reikalavimai
NIS2 Guide Lithuania
See all related requirements and other information from tasks own page.
Go to >
Technical and personnel requirements in supplier agreements
Agreement for cybersecurity audit with registered auditor (Hungary)
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

16. §: Kiberbiztonsági audit
NIS2 Hungary
See all related requirements and other information from tasks own page.
Go to >
Agreement for cybersecurity audit with registered auditor (Hungary)
Security requirements for users of a central system (Hungary)
Critical
High
Normal
Low
Agreements and monitoring
2
requirements

Examples of other requirements this task affects

18. § (1): A központi rendszer szolgáltatójának felelősségei
NIS2 Hungary
18. § (2): A központi rendszer felhasználói szervezetének felelősségei
NIS2 Hungary
See all related requirements and other information from tasks own page.
Go to >
Security requirements for users of a central system (Hungary)
Notification process for security protection agreements (Sweden)
Critical
High
Normal
Low
Agreements and monitoring
2
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Notification process for security protection agreements (Sweden)
Designation of a 24/7 point of contact with CNCS (Portugal)
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

32°: Ponto de contacto permanente
NIS2 Portugal
See all related requirements and other information from tasks own page.
Go to >
Designation of a 24/7 point of contact with CNCS (Portugal)
Managing contracts with sub-processors
Critical
High
Normal
Low
Agreements and monitoring
2
requirements

Examples of other requirements this task affects

Article 17.5: Guarantees for sub-processor
PDPL
See all related requirements and other information from tasks own page.
Go to >
Managing contracts with sub-processors
Notification process for violations
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

Article 17.2: Controller instructions to the processor
PDPL
See all related requirements and other information from tasks own page.
Go to >
Notification process for violations
Operational plan for coordinated emergency preparedness (Denmark)
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

§ 113: Samordnet beredskab
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Operational plan for coordinated emergency preparedness (Denmark)
Inclusion of preparedness, physical and cybersecurity requirements in supplier agreements
Critical
High
Normal
Low
Agreements and monitoring
5
requirements

Examples of other requirements this task affects

§ 32: Leverandøraftale
Energisektor beredskabsbekendtgørelse
§ 31: Fjernadgang
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Inclusion of preparedness, physical and cybersecurity requirements in supplier agreements
Agreement with a cybersecurity service provider
Critical
High
Normal
Low
Agreements and monitoring
4
requirements

Examples of other requirements this task affects

§ 33: Krav til IT-sikkerhedstjenester og samarbejde
Energisektor beredskabsbekendtgørelse
§ 34: Håndtering af hændelser med IT-sikkerhedstjeneste
Energisektor beredskabsbekendtgørelse
6.9: Protection against malicious and unauthorised software
NIS2 Guide
See all related requirements and other information from tasks own page.
Go to >
Agreement with a cybersecurity service provider
Responsible network and cybersecurity practices (China)
Critical
High
Normal
Low
Agreements and monitoring
2
requirements

Examples of other requirements this task affects

Article 27: Individual and organizational obligations in cases of activities endangering cybersecurity
CSL (China)
Article 46: Network use responsibility
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Responsible network and cybersecurity practices (China)
Defining security maintenance in customer agreements
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

Article 22.2: Obligations for ongoing security maintenance
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Defining security maintenance in customer agreements
Business associate contracts and subcontractor obligations regarding PHI
Critical
High
Normal
Low
Agreements and monitoring
2
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Business associate contracts and subcontractor obligations regarding PHI
Joint notice of privacy practices for an organized health care
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Joint notice of privacy practices for an organized health care
Disclosure of PHI to business associates and subcontractors
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Disclosure of PHI to business associates and subcontractors
Procedure for information exchange with authorities (Belgium)
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

Art. 19: Échange d'informations
Loi infrastructures critiques
See all related requirements and other information from tasks own page.
Go to >
Procedure for information exchange with authorities (Belgium)
Monitoring policy of personal data
Critical
High
Normal
Low
Agreements and monitoring
3
requirements

Examples of other requirements this task affects

§ 6-4.4: Håndtering av overvåkingsdata
Sikkerhetsloven
Article 41: Collection and usage of personal information
CSL (China)
Article 33.5: Minimum requirements for personal data processing activities
PDPL
See all related requirements and other information from tasks own page.
Go to >
Monitoring policy of personal data
Appointing an authorization authority
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

§ 8-9: Autorisasjon
Sikkerhetsloven
See all related requirements and other information from tasks own page.
Go to >
Appointing an authorization authority
User notification of monitoring
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

§ 6-4.6: Informere autoriserte brukere om overvåking
Sikkerhetsloven
See all related requirements and other information from tasks own page.
Go to >
User notification of monitoring
Performing a special security protection assessment before starting sensitive procedures
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

§ 4.7: Skyldigheter inför förfaranden som kräver säkerhetsskyddsavtal
SSL
See all related requirements and other information from tasks own page.
Go to >
Performing a special security protection assessment before starting sensitive procedures
Informing acquirers of security protection obligations during transfers
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

§ 4.20: Upplysning om säkerhetsskyldigheter
SSL
See all related requirements and other information from tasks own page.
Go to >
Informing acquirers of security protection obligations during transfers
Supplier agreement review and non-compliance actions
Critical
High
Normal
Low
Agreements and monitoring
4
requirements

Examples of other requirements this task affects

§ 4.5: Motpartens efterlevnad av säkerhetsavtal
SSL
39: Tiekėjų sąrašo valdymas
NIS2 Guide Lithuania
38: Tiekėjų atitikties stebėsena
NIS2 Guide Lithuania
See all related requirements and other information from tasks own page.
Go to >
Supplier agreement review and non-compliance actions
Process for consultation with the supervisory authority
Critical
High
Normal
Low
Agreements and monitoring
2
requirements

Examples of other requirements this task affects

§ 4.15: Skyldigheten att samråda
SSL
See all related requirements and other information from tasks own page.
Go to >
Process for consultation with the supervisory authority
Performing a suitability assessment
Critical
High
Normal
Low
Agreements and monitoring
2
requirements

Examples of other requirements this task affects

§ 4.7: Skyldigheter inför förfaranden som kräver säkerhetsskyddsavtal
SSL
§ 4.9: Lämplighetsprövningen
SSL
See all related requirements and other information from tasks own page.
Go to >
Performing a suitability assessment
Implementation of cyber security measures (Lithuania)
Critical
High
Normal
Low
Agreements and monitoring
2
requirements

Examples of other requirements this task affects

14.2.: Kibernetinio saugumo reikalavimų terminas
NIS2 Lithuania
14.3.: Įgyvendinimo duomenų pateikimas
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Implementation of cyber security measures (Lithuania)
Process for handling and sharing vulnerability disclosures
Critical
High
Normal
Low
Agreements and monitoring
14
requirements

Examples of other requirements this task affects

RS.AN-5: Processes are established to receive, analyse, and respond to vulnerabilities disclosed to the organization from internal and external sources.
CyberFundamentals
ID.RA-08: Processes for handling vulnerability disclosures
NIST 2.0
30 § 3.11°: Divulgation des vulnérabilités
NIS2 Belgium
14.5.6): Tinklų ir informacinių sistemų saugumą
NIS2 Lithuania
Vuln.6: Sharing information about potential vulnerabilities
CRA
See all related requirements and other information from tasks own page.
Go to >
Process for handling and sharing vulnerability disclosures
Establishing agreements with third parties to provide consultation during an incident
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

4.1.4: Establish agreements with relevant third parties
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Establishing agreements with third parties to provide consultation during an incident
Assigning of a Public Relations Officer
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

RC.CO-1: Public relations are managed.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Assigning of a Public Relations Officer
Management of procurement and use of external IT services
Critical
High
Normal
Low
Agreements and monitoring
6
requirements

Examples of other requirements this task affects

1.3.3: Use of approved external IT services
TISAX
15.4: Ensure Service Provider Contracts Include Security Requirements
CIS 18
§ 9-4.1: Myndighet til å fatte vedtak ved anskaffelser til skjermingsverdig informasjonssystem, objekt og infrastruktur
Sikkerhetsloven
6.1: Security in acquisition of ICT services or ICT products
NIS2 Guide
See all related requirements and other information from tasks own page.
Go to >
Management of procurement and use of external IT services
Key contractual requirements for service providers supporting critical functions
Critical
High
Normal
Low
Agreements and monitoring
4
requirements

Examples of other requirements this task affects

Article 30: Key contractual provisions
DORA
13.1: Supporting utilities
NIS2 Guide
18. § (3): Jogi alap és a szolgáltatók és felhasználók közös operatív feladatai
NIS2 Hungary
See all related requirements and other information from tasks own page.
Go to >
Key contractual requirements for service providers supporting critical functions
Risk assessment and considerations for contracting ICT services supporting critical functions
Critical
High
Normal
Low
Agreements and monitoring
4
requirements

Examples of other requirements this task affects

Article 29: Preliminary assessment of ICT concentration risk at entity level
DORA
2.1.9: Maintain security responsibility during outsourcing
NSM ICT-SP
Article 34: ICT operations security
DORA simplified RMF
5.1.2: Supplier and service provider selection criteria
NIS2 Guide
See all related requirements and other information from tasks own page.
Go to >
Risk assessment and considerations for contracting ICT services supporting critical functions
Definition of information sharing agreements and notification obligations
Critical
High
Normal
Low
Agreements and monitoring
22
requirements

Examples of other requirements this task affects

Chapter VI: Information-sharing arrangements
DORA
Article 45: Information-sharing arrangements on cyber threat information and intelligence
DORA
27 § 2°: D'accords de partage d'informations en matière de cybersécurité
NIS2 Belgium
27 § 4°: Notification de la participation à des accords d'échange d'informations
NIS2 Belgium
19.4.: Dalijimosi informacija susitarimai
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Definition of information sharing agreements and notification obligations
Monitoring suppliers' compliance with security requirements
Critical
High
Normal
Low
Agreements and monitoring
68
requirements

Examples of other requirements this task affects

Članak 30.2: Dobavljačka kibernetička sigurnost i rizici
NIS2 Croatia
1.2.4: Definition of responsibilities with service providers
TISAX
30 § 4°: Définir et contrôler les mesures de sécurité requises pour la chaîne d'approvisionnement
NIS2 Belgium
2.1.10: Review the service provider’s security when outsourcing
NSM ICT-SP
ID.SC-3: Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization’s cybersecurity program and Cyber Supply Chain Risk Management Plan.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Monitoring suppliers' compliance with security requirements
Definition of supplier-specific responsible persons
Critical
High
Normal
Low
Agreements and monitoring
8
requirements

Examples of other requirements this task affects

8.1.2: Ownership of assets
ISO 27001
15.2.2: Managing changes to supplier services
ISO 27001
ID.SC-4: Audit suppliers and third-party partners
NIST
CC9.2: Partner risk management
SOC 2
ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Definition of supplier-specific responsible persons
Documentation of other stakeholders
Critical
High
Normal
Low
Agreements and monitoring
51
requirements

Examples of other requirements this task affects

HAL-04.6: Suojattavat kohteet - sidosryhmät
Julkri
HAL-05: Vaatimukset
Julkri
4.2: Interested parties
ISO 27001
3: Keskeisten sidos- ja asiakasryhmien kartoitus
Digiturvan kokonaiskuvapalvelu
21.2.d: Supply chain security
NIS2
See all related requirements and other information from tasks own page.
Go to >
Documentation of other stakeholders
Maintaining contact with cloud-related special interest groups
Critical
High
Normal
Low
Agreements and monitoring
4
requirements

Examples of other requirements this task affects

ID.RA-2: Cyber threat intelligence
NIST
6.1.4: Contact with special interest groups
ISO 27017
ID.RA-02: Cyber threat intelligence from forums and sources
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Maintaining contact with cloud-related special interest groups
Keeping contact with relevant authorities
Critical
High
Normal
Low
Agreements and monitoring
64
requirements

Examples of other requirements this task affects

Članak 37: Obavještavanje o značajnim incidentima
NIS2 Croatia
11 §: Poikkeamailmoitukset viranomaiselle
Kyberturvallisuuslaki
1.2.2: Information Security Responsibilities
TISAX
34 § 1°: Notifications d'incidents au CSIRT et aux bénéficiaires des services
NIS2 Belgium
RC.CO-1: Public relations are managed.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Keeping contact with relevant authorities
Detailed descriptions of required security measures for subcontractors on contracts related to offered cloud services
Critical
High
Normal
Low
Agreements and monitoring
4
requirements

Examples of other requirements this task affects

A.11.12: Sub-contracted PII processing
ISO 27018
15.1.3: Information and communication technology supply chain
ISO 27017
PR.AT-3: Third-party stakeholders (e.g., suppliers, customers, partners) understand their roles and responsibilities.
CyberFundamentals
Article 17.5: Guarantees for sub-processor
PDPL
See all related requirements and other information from tasks own page.
Go to >
Detailed descriptions of required security measures for subcontractors on contracts related to offered cloud services
Communicating responsibilities to suppliers
Critical
High
Normal
Low
Agreements and monitoring
12
requirements

Examples of other requirements this task affects

PR.AT-3: Third-party stakeholders
NIST
1.2.4: Definition of responsibilities with service providers
TISAX
ID.BE-1: The organization’s role in the supply chain is identified and communicated.
CyberFundamentals
PR.AT-3: Third-party stakeholders (e.g., suppliers, customers, partners) understand their roles and responsibilities.
CyberFundamentals
GV.SC-02: Establishing and communicating cybersecurity roles for suppliers, customers, and partners
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Communicating responsibilities to suppliers
Service level requirements in contracts related to the data processing environment
Critical
High
Normal
Low
Agreements and monitoring
6
requirements

Examples of other requirements this task affects

28: Palvelutasovaatimukset sopimuksissa
Digiturvan kokonaiskuvapalvelu
Article 30: Key contractual provisions
DORA
2.1.9: Maintain security responsibility during outsourcing
NSM ICT-SP
15.4: Ensure Service Provider Contracts Include Security Requirements
CIS 18
18. § (3): Jogi alap és a szolgáltatók és felhasználók közös operatív feladatai
NIS2 Hungary
See all related requirements and other information from tasks own page.
Go to >
Service level requirements in contracts related to the data processing environment
Evaluation of data processing agreement for important data processors
Critical
High
Normal
Low
Agreements and monitoring
15
requirements

Examples of other requirements this task affects

28. Data processor
GDPR
15.1.2: Addressing security within supplier agreements
ISO 27001
TSU-04.1: Henkilötietojen käsittelijä - Sopimukset
Julkri
5.20: Addressing information security within supplier agreements
ISO 27001
P6.5: Notification of unauthorized disclosure of personal information from third parties
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Evaluation of data processing agreement for important data processors
Managing changes to supplier services
Critical
High
Normal
Low
Agreements and monitoring
13
requirements

Examples of other requirements this task affects

15.2.2: Managing changes to supplier services
ISO 27001
HAL-16.1: Hankintojen turvallisuus - sopimukset
Julkri
CC3.4: Identification and assesment of changes
SOC 2
CC9.2: Partner risk management
SOC 2
Art. 10: Dienstleister
CSV
See all related requirements and other information from tasks own page.
Go to >
Managing changes to supplier services
Terms and conditions to limit changes directly affecting customer environments
Critical
High
Normal
Low
Agreements and monitoring
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Terms and conditions to limit changes directly affecting customer environments
Contact with industry-specific interest groups
Critical
High
Normal
Low
Agreements and monitoring
27
requirements

Examples of other requirements this task affects

6.1.4: Contact with special interest groups
ISO 27001
ID.RA-2: Cyber threat intelligence
NIST
RS.CO-5: Voluntary information sharing
NIST
RC.CO-1: Public relations
NIST
5.6: Contact with special interest groups
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Contact with industry-specific interest groups
Collection and monitoring of supplier-specific privacy commitments
Critical
High
Normal
Low
Agreements and monitoring
2
requirements

Examples of other requirements this task affects

CC9.2: Partner risk management
SOC 2
2.1.4: Reduce the risk of targeted manipulation of ICT products in the supply chain
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Collection and monitoring of supplier-specific privacy commitments

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Start free trial
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.
Effortless compliance improvement
Widest framework library in EU
Extensive support

Get your compliance
foundation in minutes.

Learn what an AI-powered ISMS looks like in practice.
Start a free trial and see your compliance work launch in minutes.

Start free trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templatesTrust center
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementPrivacy managementVendor assessmentsInternal audits
Resources
AcademyWebinarsBlogHelp articlesVideo coursesTrust centerContent libraryGuidesNewsletterLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security
No items found.