The Third Party Information Security Standard establishes security requirements for the use of third parties that handle Commonwealth confidential information, either by storing, processing, transmitting or receiving information. This standard outlines the following controls to reduce the information security risks associated with contracted services and staff:
- Identification of risks related to third parties to ensure appropriate protection of Commonwealth information assets.
- Definition of information security requirements for third-party agreements.
- Third-party information management oversight from contract initiation through termination.