- published 9/22/25 12:23 PM
- updated Aug 10, 2024
National Third Party Security Policy
Audience
Government
Content Outline
Introduction
In the rapidly evolving realm of digital partnerships, reliance on third-party collaborations has become indispensable for organizations aiming to innovate and expand. As these intricate alliances grow, so do the complexities of cyber security. The National Third-Party Security Policy is dedicated to navigating this intricate and diverse landscape, providing a robust set of security measures and directives. This policy is a commitment to secure collaboration, fostering trust, promoting transparency, and strengthening the fabric of the UAE’s interconnected digital ecosystem.
The Council has established this policy to enhance third-party security, in line with the UAE’s national priority to be a global leader in cyber security, and to enhance the security posture of organizations and individuals within the UAE dealing with third-party providers.
Governance
Establishes governance structures to support third-party security, raise employee awareness of cyber security risks, and implement measures to mitigate these risks.
Risk Management
Provides requirements to maintain a register of third-party suppliers based on their criticality, classify them by risk, assess associated cyber security risks, and develop strategies for continuous monitoring and risk mitigation.
Supplier Assessment
Defines requirements to set criteria for assessing and selecting third-party suppliers, and to verify their cyber security posture through evaluations.
Software & Hardware Supply Chain Security
Define security requirements for procurement, thoroughly evaluate products, establish acceptance and testing procedures, secure timely upgrades and maintenance, and protect data post end-of-life.
Contracts & Legal
Provides requirements to establish minimum cyber security requirements for suppliers, embed these requirements in contracts, and ensure compliance with legal obligations through contractual agreements.
Monitoring & Audit
Outlines requirements to verify that suppliers adhere to contractual requirements, establish tamper-proof audit trails, and ensure higher security for high-risk suppliers.
Supply Chain Resilience
Provides requirements to prepare for cyber security incidents within the supply chain, strengthen resilience, include third-party risks in resilience planning, and promote collaboration across the supply chain.
Summary
The National Third Party Security Policy secures third-party collaborations and mitigates supply chain cyber risks in the UAE. It defines governance, risk management, supplier assessment, supply chain security, contracts, monitoring, and resilience measures.