Third parties that have access to, control of, or custody of any IT, OT, or information assets that are important to the delivery of the function are identified, at least in an ad hoc manner
Context and Guidance: Create and maintain a list that provides basic information identifying important internal and external parties that have access to, control of, or custody of any IT, OT, or information assets. For some third parties, such as corporate IT, these important relationships may be entirely internal.
Related Practices • Input From: Implementing ASSET-1a and ASSET-2a provides input that may be useful for implementing this practice. • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: THIRD-PARTIES-1a, THIRD-PARTIES-1b, THIRD-PARTIES-1c, THIRD-PARTIES-1d, THIRD-PARTIES-1e, THIRD-PARTIES-1f.