If an organisation’s systems, applications or data are accessed or administered by a service provider in an unauthorised manner, the organisation is immediately notified.
Topic
Access to systems, applications and data by service providers
Applicable to
all
History
Jun 2024
If an organisation’s systems, applications or data are accessed or administered by a service provider in an unauthorised manner, the organisation is immediately notified.
The existing control recommending that if an organisation’s systems or data are accessed or administered by a service provider in an unauthorised manner that the organisation be immediately notified was amended to include applications.
Mar 2022
If an organisation’s systems or data are accessed or administered by a service provider in an unauthorised manner, the organisation is immediately notified.
Miscellaneous changes were made to rationale and recommendations throughout the publication to clarify content without changing intent. This included a review from the Guidelines for System Hardening chapter through to the Guidelines for Data Transfers chapter.
Jul 2020
If an organisation’s systems or information are accessed or administered by a service provider in an unauthorised manner, organisations are immediately notified.
Security control 1576 was introduced to ensurethe immediate notification of organisations when a service provider accesses or administers their systems or information in an unauthorised manner.