GV.SC-10: Cybersecurity supply chain risk management plans include provisions for activities that occur after the conclusion of a partnership or service agreement
Ex1: Establish processes for terminating critical relationships under both normal and adverse circumstances
Ex2: Define and implement plans for component end-of-life maintenance support and obsolescence
Ex3: Verify that supplier access to organization resources is deactivated promptly when it is no longer needed
Ex4: Verify that assets containing the organization’s data are returned or properly disposed of in a timely, controlled, and safe manner
Ex5: Develop and execute a plan for terminating or transitioning supplier relationships that takes supply chain security risk and resiliency into account
Ex6: Mitigate risks to data and systems created by supplier termination
Ex7: Manage data leakage risks associated with supplier termination
Tier
Description
Cybersecurity supply chain risk management plans include provisions for activities that occur after the conclusion of a partnership or service agreement