A Product Delivery Organisation enters into many Third-Party Agreements to be able to efficiently carry out its responsibilities. Third-Parties are often the source of data breaches for Organisations and each additional Third-Party engaged increases the Organisation’s risk that is being introduced by the Product Delivery Organisation itself. Deliberately managing this risk is essential and the Head Of Product Delivery Organisation is accountable for this.
- Group or Individual
- Head Of Product Delivery Organisation
- Artefact
- Product Security Policy
- Concepts
- Third-Party Agreements
- Document
- Risk Type
- Viability
- Event
- An investigation into negligence
- Caused By
- Product Delivery Organisation not resolving differences between Product Security Policy and Third-Party Agreements
- Leading To
- A substantial fine and/or sanction from an external regulatory body
-
D-SR-B-1-1
Design > Security Requirements > Supplier Security
- Do stakeholders review vendor collaborations for security requirements and methodology?