Important IT and OT third-party dependencies are identified (that is, internal and external parties on which the delivery of the function depends, including operating partners), at least in an ad hoc manner
Context and Guidance: Identify and maintain basic information about internal and external parties who may be required for continued performance of the function. Supplier dependencies, for example, might include IT service providers, incident response consultants, and equipment providers. Third parties may support the organisation's IT or OT assets and operational activities. Such information should be maintained in a form that is available to those responsible for third-party risk management.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: THIRD-PARTIES-1a, THIRD-PARTIES-1b, THIRD-PARTIES-1c, THIRD-PARTIES-1d, THIRD-PARTIES-1e, THIRD-PARTIES-1f.