Advisory: Third Party Information Security Standard

Date: 10/05/2018
Organization: Cybersecurity and Enterprise Risk Management
Referenced Sources: MGL Chapter 7D, Section 2

This standard establishes the security requirements needed when a third party is working with the Commonwealth's confidential information.

Contact for Third Party Information Security Standard

Cybersecurity and Enterprise Risk Management

Online

For cybersecurity or risk management questions: Email Cybersecurity and Enterprise Risk Management at ERM@mass.gov

Purpose

The Third Party Information Security Standard establishes security requirements for the use of third parties that handle Commonwealth confidential information, whether by storing, processing, transmitting or receiving it. This standard outlines the following controls to reduce the information security risks associated with contracted services and staff:

  • Identification of risks related to third parties to ensure appropriate protection of Commonwealth information assets.
  • Definition of information security requirements for third-party agreements.
  • Third-party information management oversight from contract initiation through termination.
