Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
DE.CM-06.2: External service providers' conformance with personnel security policies and procedures and contract security requirements shall be monitored relative to their cybersecurity risks. |
|
DE.CM-06.2 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p151 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_IMPORTANT_E_p102 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
The goal of this control is to ensure that external service providers follow the organisation’s personnel security policies and contract requirements, especially when they have access to sensitive systems or data. This helps reduce the risk of security incidents caused by third-party staff and ensures that providers are held to the same standards as internal personnel. To achieve this goal, consider the following: • External providers should have clearly defined security responsibilities, which are documented in contracts or service-level agreements. • Contracts should include requirements such as: o Background checks for provider personnel o Signing of confidentiality agreements o Adherence to acceptable use policies • Compliance with these requirements should be monitored regularly, including checks for completed security training and signed agreements. • Providers should be required to notify the organisation immediately when staff with system access are transferred or leave their role, so access rights can be revoked without delay. • Periodic audits should be conducted to confirm that providers are following security policies. These may include: o Reviewing access logs and permissions o Verifying onboarding and offboarding procedures o Ensuring only authorised individuals have access to critical systems • Any issues or non-compliance should be documented, reported, and addressed through corrective actions and follow-up reviews. |
|
A general note, for any purpose. |
The goal of this control is to ensure that external service providers follow the organisation’s personnel security policies and contract requirements, especially when they have access to sensitive systems or data. This helps reduce the risk of security incidents caused by third-party staff and ensures that providers are held to the same standards as internal personnel. To achieve this goal, consider the following: - External providers should have clearly defined security responsibilities, which are documented in contracts or service-level agreements. - Contracts should include requirements such as: - Background checks for provider personnel - Signing of confidentiality agreements - Adherence to acceptable use policies - Compliance with these requirements should be monitored regularly, including checks for completed security training and signed agreements. - Providers should be required to notify the organisation immediately when staff with system access are transferred or leave their role, so access rights can be revoked without delay. - Periodic audits should be conducted to confirm that providers are following security policies. These may include: - Reviewing access logs and permissions - Verifying onboarding and offboarding procedures - Ensuring only authorised individuals have access to critical systems - Any issues or non-compliance should be documented, reported, and addressed through corrective actions and follow-up reviews. |
|
A general note, for any purpose. |
<div><p>The goal of this control is to ensure that external service providers follow the organisation’s personnel security policies and contract requirements, especially when they have access to sensitive systems or data. This helps reduce the risk of security incidents caused by third-party staff and ensures that providers are held to the same standards as internal personnel. To achieve this goal, consider the following:</p><ul><li>External providers should have clearly defined security responsibilities, which are documented in contracts or service-level agreements.</li><li>Contracts should include requirements such as:<ul><li>Background checks for provider personnel</li><li>Signing of confidentiality agreements</li><li>Adherence to acceptable use policies</li></ul></li><li>Compliance with these requirements should be monitored regularly, including checks for completed security training and signed agreements.</li><li>Providers should be required to notify the organisation immediately when staff with system access are transferred or leave their role, so access rights can be revoked without delay.</li><li>Periodic audits should be conducted to confirm that providers are following security policies. These may include:<ul><li>Reviewing access logs and permissions</li><li>Verifying onboarding and offboarding procedures</li><li>Ensuring only authorised individuals have access to critical systems</li></ul></li><li>Any issues or non-compliance should be documented, reported, and addressed through corrective actions and follow-up reviews.</li></ul></div> |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
DE.CM-06.2 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
External provider personnel security monitoring |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
External service providers' conformance with personnel security policies and procedures and contract security requirements shall be monitored relative to their cybersecurity risks. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_BASIC_to_IMPORTANT |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
19 |
|
Specifies the dataset the subject is part of. |
Results 1 - 21 of 21
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Results 1 - 1 of 1