Policy Advisory: Third Party Risk Management Policy

Date: 01/01/2025
Organization: Cybersecurity and Enterprise Risk Management
Referenced Sources: MGL Chapter 7D, Section 2

The Third Party Risk Management Policy reinforces the Commonwealth’s commitment to an effective third-party risk management program and outlines the controls necessary to safeguard the Commonwealth’s information assets and reduce risks posed by improper management of third-party relationships, from contract initiation through termination.

Contact for Third Party Risk Management Policy

Cybersecurity and Enterprise Risk Management

Online

For cybersecurity or risk management questions: Email Cybersecurity and Enterprise Risk Management at ERM@mass.gov

Purpose

The purpose of this policy is to establish the minimum security requirements that must be implemented to manage third-party vendors who provide any type of information technology goods and/or services, outsourced applications, cloud services, and/or network and security management to the Commonwealth.
