Policy paper

G7 Fundamental Elements for third party cyber risk management in the financial sector

An updated guide to third party risk management for the finance sector.

This was published under the 2022 to 2024 Sunak Conservative government

Documents

G7 Fundamental Elements for third party cyber risk management in the financial sector

Request an accessible format.
If you use assistive technology (such as a screen reader) and need a version of this document in a more accessible format, please email digital.communications@hmtreasury.gov.uk. Please tell us what format you need. It will help us if you say what assistive technology you use.

Details

The use of third parties, including ICT providers, may introduce added cyber risks that entities should consider and manage. In recent years, cyber incidents have shown that critical parts of the ICT supply chain can involve cyber risk for an individual entity as well as systemic cyber risk to the financial sector. To support the development of third-party cyber risk management in the financial sector, the G7 issued the Fundamental Elements for Third Party Cyber Risk Management in the Financial Sector in 2018. In this 2022 version, the G7 has revised the 2018 Fundamental Elements to focus not only on the management of third-party relationships but also on ICT supply chain management.

Updates to this page

Published 3 February 2023

Sign up for emails or print this page