Data processing partner listing and owner assignment

Critical
High
Normal
Low

The organization must maintain a list of partners who have access to confidential information. System vendors and processors of personal data are listed separately from other stakeholders because they play an active role in the processing of data.

Connected other frameworks and requirements:
28. Processor
GDPR
44. General principle for transfers
GDPR
26. Joint controllers
GDPR
15.1.1: Information security policy for supplier relationships
ISO 27001
8.1.1: Inventory of assets
ISO 27001

Inventory and documentation of data processing agreements

Critical
High
Normal
Low

The processors of personal data (e.g. providers of data systems, other partners using our employee or customer data) and the agreements related to the processing of personal data have been documented. The documentation includes e.g.:

  • Processor name and location
  • Purpose of processing data
  • Status of agreement
Connected other frameworks and requirements:
28. Processor
GDPR
15.1.2: Addressing security within supplier agreements
ISO 27001
13.2.2: Agreements on information transfer
ISO 27001
A.8.2.4: Infringing instruction
ISO 27701
5.14: Information transfer
ISO 27001
No items found.