ID.AM-04.130

Does your organization update its external service inventory when a new third-party service is adopted to ensure proper cybersecurity risk monitoring?

Explanation

Maintaining an updated inventory of external services is crucial for tracking third-party risk exposure and ensuring appropriate security monitoring is in place. When new cloud services, SaaS applications, or other external dependencies are adopted, they introduce potential security vulnerabilities that must be identified and managed. Evidence could include a documented process for updating the external service inventory, screenshots of the inventory management system showing recent additions, or change management records that demonstrate the inventory was updated when new services were onboarded.

Implementation Example

Update the inventory when a new external service is going to be utilized to ensure adequate cybersecurity risk management monitoring of the organization's use of that service

ID: ID.AM-04.130

Context

Function: ID: IDENTIFY
Category: ID.AM: Asset Management
Sub-Category: Inventories of services provided by suppliers are maintained

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub