![Policy for Third-party Information and Communication Technology (ICT) Risk Management Policy for Third-party Information and Communication Technology (ICT) Risk Management](/sites/default/files/styles/common_style/public/admin-resources-cover-image/Third-party-ICT-risk_cover_page.png?itok=DJWgej33)
Policy for Third-party Information and Communication Technology (ICT) Risk Management
Resource date: 04 Oct 2024
Author: ITSO
Publisher: UNFPA PD
Resource date: 04 Oct 2024
Author: ITSO
Publisher: UNFPA PD
This policy describes principles and rules for standard and critical third parties providing digital services, and describes contract obligations based on risks, establishing a shared responsibility model for managing them. The policy aims to: as per their classification, provide ICT risk evaluation rules for standard and critical providers of digital services; establish contract obligations based on evaluated risks for providers; and describe a shared responsibility model for managing providers.