Data processing partner listing and owner assignment

Critical
High
Normal
Low

The organization must maintain a list of partners who have access to confidential information. System vendors and processors of personal data are listed separately from other stakeholders because they play an active role in the processing of data.

Connected other frameworks and requirements:
26. Joint controllers
GDPR
28. Processor
GDPR
44. General principle for transfers
GDPR
8.1.1: Inventory of assets
ISO 27001
13.2.2: Agreements on information transfer
ISO 27001

Prioritization of partners based on the confidentiality of the information processed

Critical
High
Normal
Low

The organization must prioritize partners based on the confidentiality of the information processed.

Connected other frameworks and requirements:
ID.SC-2: Suppliers and third party partners of information systems
NIST CSF
No items found.