G7 Fundamental Elements for third party cyber risk management in the financial sector
An updated guide to third party risk management for the finance sector.
Documents
Details
The use of third parties, including ICT providers, may introduce added cyber risks that entities should consider and manage. In recent years, cyber incidents have shown that critical parts of the ICT supply chain can involve cyber risk for an individual entity as well as systemic cyber risk to the financial sector. To support the development of third-party cyber risk management in the financial sector, the G7 issued the Fundamental Elements for Third Party Cyber Risk Management in the Financial Sector in 2018. In this 2022 version, the G7 has revised the 2018 Fundamental Elements to focus not only on the management of third-party relationships but also on ICT supply chain management.