The organisation should conduct a political risk assessment for third parties that process or have access to the organisation's critical data, systems, or services. This assessment should be integrated into the overall cybersecurity risk analysis.
This assessment should specifically evaluate the following aspects related to the third party's operating environment:
- Compliance with international treaties to which the Slovak Republic is bound, and its membership in international organisations.
- The potential for influence or interference in the third party's activities by states that are not members of the European Union or the North Atlantic Treaty Organisation.
- The ownership and management structure of the third party, including any ownership share held by foreign states or foreign direct investment.
- The laws and international obligations of relevant foreign states regarding human rights, cybersecurity, combating cybercrime, personal data protection, and information security.
- Any specific information or intelligence concerning potential cyber threats from foreign states that could impact the interests of the Slovak Republic.
The results of this political risk assessment should be used to inform the adoption and implementation of appropriate security measures to mitigate identified risks.
.svg)
