UnixTime

Research Note

Third-Party Information Transfer Agreement Checklist

Use this when sensitive information or software is exchanged with suppliers, customers, partners, regulators, contractors, or other third parties.

On this page

When to use this

Practical use

Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.

Use this when sensitive information or software is exchanged with suppliers, customers, partners, regulators, contractors, or other third parties.

Agreement checklist

  • Information types and classifications are defined.
  • Permitted transfer methods are specified.
  • Encryption or secure portal requirements are defined.
  • Recipient authorization requirements are defined.
  • Onward transfer restrictions are defined.
  • Malware scanning or integrity checking responsibilities are defined.
  • Retention and deletion requirements are defined.
  • Incident notification requirements are defined.
  • Logging or evidence requirements are defined.
  • Confidentiality or NDA terms are included.
  • Change control applies to transfer methods.
  • Agreement is authorized at the appropriate level.
  • Agreement review frequency is defined.

Transfer record

Third party Information type Classification Transfer method Agreement/reference Owner Last reviewed Issues/actions
TBD TBD TBD TBD TBD TBD TBD TBD
  • Template
  • Iso27001
  • A5 14
  • Third parties

Note Metadata

Aliases: Third-Party Transfer Agreement Checklist

Source: 90 Templates/Third-Party Information Transfer Agreement Checklist.md

Graph-sourced resources

Templates and evidence

Auditor evidence packs

Evidence collections and audit-facing verification material.