Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
GV.SC-05.1: Requirements for addressing cybersecurity risks and the sharing of sensitive information in supply chains shall be established, prioritised, integrated into contracts and other types of formal agreements, and enforced. |
|
GV.SC-05.1 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p35 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_IMPORTANT_E_p27 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
The goal of this control is to establish and enforce cybersecurity and sensitive data handling requirements in supply chain agreements, by integrating them into contracts and prioritising them based on risk. To make this happen, the following should be considered:
• Contractual agreements and other types of formal agreements with suppliers and other relevant third parties should define expectations, responsibilities, and security requirements.
• Key elements of these agreements include information sharing between the organisation and its suppliers and sub-tier suppliers, security controls, incident response, and required compliance with standards and regulations.
• Security requirements should be set for suppliers, products and services that are proportionate to the criticality and potential consequences if compromised.
• All cybersecurity and supply chain requirements that third parties must comply with should be included in standard contractual language (i.e., pre-drafted, commonly used terms and clauses that ensure consistency, compliance, and clarity). The contract should also specify how compliance with these requirements will be verified.
• Consider including in the enforcement that third-party providers and users (e.g. suppliers, customers, partners) should be able to demonstrate their understanding of their roles and responsibilities.
• Consider defining security requirements in service-level agreements (SLAs) for monitoring suppliers for acceptable security performance throughout the supplier relationship lifecycle.
• Consider contractually requiring suppliers to vet their employees and guard against insider threats.
• Consider contractually requiring suppliers to provide evidence of performing acceptable security practices through, for example, self-assessment (e.g. CyFun®), conformance to known standards, verifications (e.g. CyFun®), certifications (e.g. CyFun®), or inspections.
• Keep in mind that GDPR requirements must be met if business information contains personal data (applicable at all levels), i.e. safeguards should be included in the contractual framework. |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
GV.SC-05.1 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Supply chain cybersecurity contractual requirements |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
Requirements for addressing cybersecurity risks and the sharing of sensitive information in supply chains shall be established, prioritised, integrated into contracts and other types of formal agreements, and enforced. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_BASIC_to_IMPORTANT |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
19 |
|
Specifies the dataset the subject is part of. |
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |