The organization must maintain a list of partners who have access to confidential information. System vendors and processors of personal data are listed separately from other stakeholders because they play an active role in the processing of data.
The organization must identify critical IT partners. A critical partner (internal or external) refers to a partner without whom the operation is interrupted.