Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
GV.SC-07.1: The risks posed by a supplier, its products and services and other third parties shall be identified, documented, prioritised, mitigated and assessed at least annually and when changes occur during the relationship. |
|
GV.SC-07.1 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p37 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_IMPORTANT_E_p27 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
The goal of this control is to ensure that risks related to suppliers, their products and services, and other third parties are continuously identified, assessed, prioritised, and managed throughout the relationship, especially when changes occur in critical systems. To achieve this goal:
- Tailored Risk Assessments: Assessment formats and frequencies should be adapted based on the supplier’s reputation and the criticality of the products or services provided, including OT components.
- Broader Risk Considerations: Risk evaluations should include potential service disruptions and concentration risks that could impact operations or OT environments.
- Evidence of Compliance: Suppliers should provide evidence of compliance with contractual cybersecurity requirements, such as self-assessments (e.g. CyFun®), certifications, warranties, test results, labels, or third-party audit reports.
- Ongoing Monitoring: Critical suppliers should be monitored throughout the relationship using inspections, audits, tests, or other evaluation methods to ensure security obligations remain fulfilled.
- Risk Profile Updates: Changes in supplier services, products, or performance should trigger a reassessment of their risk profile and criticality, especially when OT systems are involved.
- Business Continuity Planning: An action plan should be in place to address unexpected supplier disruptions and maintain operational continuity. |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
GV.SC-07.1 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Supplier risk assessment |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
The risks posed by a supplier, its products and services and other third parties shall be identified, documented, prioritised, mitigated and assessed at least annually and when changes occur during the relationship. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_BASIC_to_IMPORTANT |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
19 |
|
Specifies the dataset the subject is part of. |
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |