Data processing partner listing and owner assignment
Critical
High
Normal
Low
The organization must maintain a list of partners who have access to confidential information. System vendors and processors of personal data are listed separately from other stakeholders because they play an active role in the processing of data.
See an example process description from task's page
Connected other frameworks and requirements:
28. Processor
GDPR
44. General principle for transfers
GDPR
26. Joint controllers
GDPR
15.1.1: Information security policy for supplier relationships