CTPS 4.4 Requirement 3: Dependency and supply chain risk management
1A critical third party must (as part of its obligation under CTPS 4.3.1R (Requirement 2: Risk management)) identify and manage any risks to its supply chain that could affect its ability to deliver a systemic third party service.
1A critical third party must take reasonable steps to ensure that its key nth-party providers and persons connected with a critical third party that are part of its supply chain:
- (1)
are informed of the CTP duties that apply to the critical third party;
- (2)
cooperate with the critical third party in meeting those CTP duties; and
- (3)
provide the regulators with access to any information relevant to the exercise of their oversight functions.