History

Priority

must

2010

Agencies must ensure a process is in place to provide assurance to its management that a third party meets,and will continue to meet, security requirements.

2008

An agency must ensure a third party complies with the agency’s ICT security expectations through a process providing assurance to agency management that the operation of ICT security within the third party meets, and continues to meet, these expectations.