Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
GV.SC-05.3: The organisation shall establish contractual requirements permitting the organisation to review the information/cybersecurity programs implemented by suppliers and third-party partners. |
|
GV.SC-05.3 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p36 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
The goal of this control is to ensure that the organisation can assess and verify the information/cybersecurity practices of suppliers and third-party partners through contractual agreements. To achieve this goal: • Information/Cybersecurity Requirements: Contracts should define clear information/cybersecurity expectations, including OT-specific controls where relevant. • Audit and Review Rights: Agreements should grant the organisation the right to audit, assess, or review the information/cybersecurity programs of suppliers and partners. • Verification Methods: Conformance should be verified through self-assessments, third-party certifications, or scheduled security evaluations. • Information Sharing Protocols: Contracts should specify what information/cybersecurity-related information must be shared, how often, and through which channels. • Continuous Monitoring: Suppliers should regularly report on their information/cybersecurity posture and disclose incidents that could impact operations, especially in OT environments. • Non-Compliance Consequences: Contracts should outline consequences for failing to meet information/cybersecurity requirements, such as penalties or contract termination. |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
GV.SC-05.3 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Supplier security programme review rights |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
The organisation shall establish contractual requirements permitting the organisation to review the information/cybersecurity programs implemented by suppliers and third-party partners. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_IMPORTANT_to_ESSENTIAL |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
1 |
|
|
The number of triples associated with the subject. |
19 |
|
Specifies the dataset the subject is part of. |
Results 1 - 21 of 21
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Results 1 - 1 of 1