http://cyfun.data.gift/data/requirement_GV_SC_07_3

http://cyfun.data.gift/data/requirement_GV_SC_07_3
Concept

Properties and relations

Direct links from the subject.

Property Value

type

The subject is an instance of a class.

http://cyfun.data.gift/ontology#Requirement

type

The subject is an instance of a class.

Concept

An idea or notion; a unit of thought.

label

A human-readable name for the subject.

GV.SC-07.3: The organisation shall audit business-critical third-party service providers for secu- rity compliance.

http://cyfun.data.gift/ontology#requirementId

GV.SC-07.3

http://cyfun.data.gift/ontology#foundIn

http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p39

has broader

Relates a concept to a concept that is more general in meaning.

http://cyfun.data.gift/data/subcategory_GV.SC-07

note

A general note, for any purpose.

The goal of this control is to ensure that business-critical third-party service providers are regularly audited to confirm conformance with agreed-upon security requirements, helping to manage risks to operations and critical systems. To achieve this goal: - Identify Critical Providers The criticality of third-party service providers should be assessed based on their impact on operations, including OT systems, and the level of risk they introduce. - Acceptable Audit Evidence Third-party audit results, such as certifications, independent assessments, or security attestations, should be accepted as valid evidence of conformance where appropriate. - Conduct SecurityAudits Regular audits should be performed on critical providers to verify that they meet contractual and policy- based security obligations.

note

A general note, for any purpose.

The goal of this control is to ensure that business-critical third-party service providers are regularly audited to confirm conformance with agreed-upon security requirements, helping to manage risks to operations and critical systems. To achieve this goal: - Identify Critical Providers The criticality of third-party service providers should be assessed based on their impact on operations, including OT systems, and the level of risk they introduce. - Acceptable Audit Evidence Third-party audit results, such as certifications, independent assessments, or security attestations, should be accepted as valid evidence of conformance where appropriate. - Conduct SecurityAudits Regular audits should be performed on critical providers to verify that they meet contractual and policy- based security obligations.

note

A general note, for any purpose.

The goal of this control is to ensure that business-critical third-party service providers are regularly audited to confirm conformance with agreed-upon security requirements, helping to manage risks to operations and critical systems. To achieve this goal: • Identify Critical Providers The criticality of third-party service providers should be assessed based on their impact on operations, including OT systems, and the level of risk they introduce. • Acceptable Audit Evidence Third-party audit results, such as certifications, independent assessments, or security attestations, should be accepted as valid evidence of conformance where appropriate. • Conduct SecurityAudits Regular audits should be performed on critical providers to verify that they meet contractual and policy- based security obligations.

note

A general note, for any purpose.

<div><p>The goal of this control is to ensure that business-critical third-party service providers are regularly audited to confirm conformance with agreed-upon security requirements, helping to manage risks to operations and critical systems. To achieve this goal:</p><ul><li>Identify Critical Providers The criticality of third-party service providers should be assessed based on their impact on operations, including OT systems, and the level of risk they introduce.</li><li>Acceptable Audit Evidence Third-party audit results, such as certifications, independent assessments, or security attestations, should be accepted as valid evidence of conformance where appropriate.</li><li>Conduct SecurityAudits Regular audits should be performed on critical providers to verify that they meet contractual and policy- based security obligations.</li></ul></div>

notation

A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme.

GV.SC-07.3

alternative label

skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties.

Third-party security compliance audits

preferred label

A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag.

The organisation shall audit business-critical third-party service providers for secu- rity compliance.

is in scheme

Relates a resource (for example a concept) to a concept scheme in which it is included.

http://cyfun.data.gift/data/CyFun2025

is in scheme

Relates a resource (for example a concept) to a concept scheme in which it is included.

http://cyfun.data.gift/data/CyFun2025_delta_IMPORTANT_to_ESSENTIAL

is in scheme

Relates a resource (for example a concept) to a concept scheme in which it is included.

http://cyfun.data.gift/data/CyFun2025_ESSENTIAL

http://cyfun.data.gift/ontology#level

http://cyfun.data.gift/data/level_ESSENTIAL

triple count

The number of triples associated with the subject.

17

in dataset

Specifies the dataset the subject is part of.

http://data.gift/d/datasets/69E8863AA6CE46D9ACD13109

Resultaten 1 - 19 of 19

References

Inverse links to the subject.

Property Subject

http://cyfun.data.gift/ontology#hasRequirement

http://cyfun.data.gift/data/subcategory_GV.SC-07

has narrower

Relates a concept to a concept that is more specific in meaning.

http://cyfun.data.gift/data/subcategory_GV.SC-07

Resultaten 1 - 1 of 1